Look, it’s hard to care about all the bad stuff going on in the world. You’ve got an adopted cat, a reusable straw, and you try your best to understand all the social issues you see people getting mad about on Twitter. At the end of the day, you’re doing your best.
So you’ll be forgiven if you just can’t quite work up the energy to care if your computers or IoT devices are caught up in a botnet. Aren’t everyone’s anyway? The internet still works, right? You just can’t bring yourself to care because even if those botnets are doing bad things, you’re not personally affected. What if you were, though? What if your computers or devices being enslaved in a botnet had a real impact on you and your life?
Keep a look out for these three consequences of getting caught in a botnet.
DDoS costs for device owners
One of the most infamous uses of botnets is, of course, distributed denial of service attacks. Unless you’re someone concerned with keeping a business or website online, you’re probably not too torn up over these attacks and you might not be worried about botnets using your IoT devices to get their dirty deeds done. For a long time, DDoS attacks have been considered one of the undetectable uses of a botnet, and it’s still true that you probably will not know if your devices have been recruited for DDoS assaults as device performance is not likely to be impacted.
However, what could be affected is your bandwidth and power bills. A study on the 2016 DDoS attack on security researcher Brian Krebs found that each of the 300,000 devices in the botnet involved in the attack cost their owners $13.50 for the 77 hours the attack was active. All of those device owners could have used that $13.50 to buy a ticket to Deadpool but no, they had to fund a DDoS attack instead. Just like you are if your devices are in a botnet, even if you would never know it.
Crypto jacked up
Over the last few years cryptocurrency has blown up into one of the hottest investments going. Cryptomining, the process of earning percentages of cryptocoins by dedicating your computer to solving complex equations in order to verify cryptocurrency transactions, has relatedly blown up into a serious money-making endeavor for many people.
The more computing resources a person can dedicate to cryptomining, the more money they can make. Enter the cryptomining botnet, a gigantic network of computers infected with malware so someone running a command and control server can put those computers to work verifying transactions. This process is cutely called cryptojacking. Unlike DDoS attacks, cryptojacking is a major drain on your computer’s resources, and if you can still manage to use your computer while someone else is using it to mine cryptocoins, the performance will be seriously impacted.
Private data not so private
As you read this there is a scarily brilliant piece of botnet malware snaking its way around the internet. It’s armed with over 100 versions of its malware deliverable in order to help guarantee its success on a wide range of IoT devices, and it has seven different methods of staying installed on a device that it uses all at once to keep the owner from wiping the device clean. This malware is assembling the Torii botnet, and beyond those malware details, researchers don’t yet know a whole lot about this botnet because it’s hidden behind all kinds of encryption. They don’t know how big it is or who might be behind it or even what the criminals running it might want to do with it. However, they know one thing for certain, and it’s that this botnet has the ability to spy on and steal your private data including payment card information and passwords. That data being stolen could lead to some real-life consequences indeed.
Locking down devices
To get out of any botnets you might already be caught in you’re going to want to get an anti-malware program on any computer or device on which such a program can be used. This includes tablets and phones. More gadget-y types of IoT devices are trickier because many of them can’t run dedicated security programs. For those, do a reboot, go to the manufacturer website and install all patches and security updates, and switch the login and password so the devices aren’t using the default information they came with. If you get your security right, well, you can go back to not caring about botnets. No one could blame you for wanting it that way.