Last year, cybersecurity experts predicted a steep rise in cryptojackers, or malware designed to use a victim’s hardware to mine cryptocurrency for its author. Though there was some cryptojacker activity at the beginning of 2019 — and though some cryptojackers continue to float around the web — this method of attack is producing much less activity than expected. In fact, though cryptocurrency continues to rise in value, cryptojacking seems less popular than ever.
That’s because the hackers who would be developing and launching cryptojacking attacks are distracted by another, much juicier opportunity: a botnet. Malware that creates and manages botnets is easily among the most serious malicious software on the web, but it rarely gets much press and certainly isn’t a concern of most computer users. Worst of all, the largest and most dangerous botnet is coming back to life, and the notable lack of press is threatening everyone’s cyber safety.
Why Botnets Matter Most
Before we dive into the current state of botnets, we should explain what botnets are, what they do and why they matter to both security experts and everyday users. The word “botnet” is a combination of the words “robot” and “network,” which in a broad sense accurately describes what botnets are: a linked system of semi-autonomous devices. Botnets are created because the more devices that are linked together, the more power a person or group has at their disposal.
Unfortunately, the term “botnet” isn’t used to describe legitimate networks of devices working in concert for a universally beneficial aim. Instead, cybercriminals create botnets by infecting others’ devices with malware, giving themselves a backdoor through which they can come and go as they please. Then, once a botnet is of a practical size, the criminals leverage the power of the botnet to perform nefarious deeds.
Most often, botnets are used to wage cyberwar against a particularly well-defended adversary, as the Mirai botnet did against Dyn, an internet performance management company, in 2016. Botnet attacks tend to have devastating effects; in that same case with Dyn, Mirai was able to shut down internet access for nearly the entire East Coast of the U.S. However, botnets are sometimes used for more passive criminal activities, like mining cryptocurrency. Cryptocurrency requires substantial processing power to generate — these days, there are enormous banks of servers around the world pulling so much energy mining Bitcoin that it is affecting carbon emissions — and a network of linked devices can do more than one device alone. This is a major reason that cryptojacking is less popular than botnets, especially considering that the two are spread in a similar fashion.
Most devices become infected with botnet malware the same way they would catch any other malware — through corrupted downloads, webpages, links and more. Regular users can prevent their devices from joining a botnet by practicing smart cyber hygiene and using strong antivirus tools, which identify, quarantine and remove suspicious files before they can do damage. Yet, there is a good chance that some users have encountered a botnet before — specifically, the biggest and baddest botnet of all: Emotet.
The Rise, Fall and Rise of Emotet
Like many botnets, Emotet began in 2014 as a relatively rudimentary piece of malware that strove to break into users’ computers and pilfer sensitive information, especially banking credentials. Unfortunately, Emotet evolved rapidly, adding new functionality that makes it much, much more than basic malware.
Today, Emotet is part Trojan, part worm and part Malware-as-a-Service, doing everything from spying on users’ activities to transferring money from their financial accounts to sending itself to countless users through spam emails and more. Worse, Emotet is absurdly good at hiding itself within a user’s computer, so many devices have been infected for years without detection by anti-malware software or services. As soon as a device becomes infected with Emotet, it is added to the botnet. Then, the malware continues to install additional threats on the device while leveraging its processing power for botnet attacks, cryptocurrency mining or other despicable deeds.
Emotet has been active since 2014, steadily gaining additional power to become the largest and most controlling botnet known to experts. Yet, for the past three months or so, Emotet has been silent — i.e., not sending out spam email copies of itself, which it normally does continuously to increase its reach. At first, experts suspected that Emotet had been thwarted by some cybersecurity measure, or that its authors had abandoned the botnet or lost contact with it. Yet, it now seems that Emotet was only bolstering itself, adding new capabilities that make it better than ever at infiltrating users’ devices and launching coordinated attacks.
Those with strong cyber hygiene and strong cybersecurity should be able to stay out of Emotet’s clutches. It is imperative that device users everywhere avoid suspicious downloads, emails, links and more to ensure they stay safe from the seemingly eternally dangerous Emotet.