Kaspersky’s analysts scoured the dark web and specialized Telegram channels to uncover the going rates for botnet services. What they found is alarming: prices range from a mere $99 to a staggering $10,000. This wide range reflects the diverse ecosystem of botnet offerings, catering to both amateur cybercriminals and sophisticated threat actors.
The research identified three primary ways botnets are monetized in the underground market:
- Rental services
- Custom development
- Sale of cheap botnets with leaked source code
Each model targets different customer segments, from those seeking temporary access to those wanting bespoke solutions.
The IoT Threat Landscape
One of the most concerning trends is the exploitation of Internet of Things (IoT) devices to create botnets. Cybercriminals are targeting vulnerable consumer and corporate gadgets, from smart cameras to advanced industrial equipment. Often, these devices are compromised due to weak passwords or unpatched vulnerabilities.
Alarming statistic: In the first half of 2024, the number of infected IoT devices doubled compared to the same period last year. This trend is likely mirrored in other regions, highlighting the urgent need for better IoT security practices.
The Botnet Marketplace: A Closer Look
Rental Services: Pay-as-you-go Cybercrime
Botnet rentals have become increasingly popular, offering cybercriminals flexibility without the need for technical expertise. Prices for these services range from $30 to $4,800 per month, depending on the botnet’s size and capabilities.
Custom-built Botnets: Tailored for Maximum Impact
For those seeking a more personalized approach, custom botnet development starts at around $3,000. These transactions often occur through private channels, with developers chosen based on their reputation in the underground community.
Budget Options: Leaked Source Code Botnets
At the lower end of the market, we find botnets built from leaked source code. While less effective, they’re incredibly cheap, ranging from free to $50. These attract novice cybercriminals or those looking to experiment with botnet capabilities.
Protecting Against the Botnet Threat
As a cybersecurity professional, I can’t stress enough the importance of proactive measures to protect against botnet infections. Here are some key recommendations:
- Implement strong, unique passwords for all devices, especially IoT gadgets.
- Regularly update and patch all systems and devices.
- Use reputable security software that can detect and prevent botnet infections.
- Educate employees and users about the risks of clicking suspicious links or downloading unknown attachments.
- Consider network segmentation to isolate IoT devices from critical systems.
The botnet market’s diversity and accessibility underscore the persistent threat these networks pose to individuals and organizations alike. As cybersecurity professionals, we must stay informed about these underground markets and continuously adapt our defenses. For readers, this serves as a stark reminder of the importance of basic security hygiene and the need for ongoing education about cyber threats.
Stay safe, stay informed, and remember: in the world of cybersecurity, knowledge is your best defense.