VIEW 20
Threat actors: Botnets
Sometimes you can be involved in a cyber-attack where the intended victim is someone else. Crypto-jacking is a good example of this, where your system has been hijacked and control has been ceded to a third party. A ‘bot master’ will link together a large number of these hijacked machines and assemble them into a botnet which can then be rented out to other cyber criminals on the dark web.
A botnet can be employed for a variety of purposes. They are often used in Distributed Denial of Service attacks to take down a company’s website by overloading it with spurious requests. In the case of crypto-jacking, the processing power of the botnet is used to mine for bitcoin on the internet. Botnets are also commonly employed to spew out phishing emails. A fourth and particularly lucrative exploit is to use a botnet for advertising fraud. The diagram to the right illustrates how this works.
How ad fraud works Google pay per click advertising service has four key steps as shown:
1. User clicks on web ad 2. Ad click is registered by Google 3. Google pays money to web owner 4. Advertiser pays Google
However, a cybercriminal can set up a new website and then use a botnet to automatically click on the Google web ads. Since it can be hard to distinguish if a real human being or a botnet is clicking on the ad link, the website owner can fraudulently extract a river of cash from Google and ultimately from advertisers.
A study by Juniper Research in May 2019 estimated that advertisers are losing $42bn every year to this type of ad fraud and that it could grow to $100bn a year by 2023. The same study concluded that as much as 50% of internet advertising could never actually be reaching real humans. Advertisers are understandably concerned about this and suspect that Google is not addressing the problem as vigorously as it should because to do so would dramatically reduce Google’s advertising revenues. Google strenuously denies this.
