Cyberattacks using botnets are sold for $100 on the dark web, Kaspersky reveals

Experts from Kaspersky analyzed botnet offers (ads) on the dark web and Telegram channels and discovered that scammers can buy them to use in cyberattacks, for prices starting at $99. It was also revealed that it is possible to rent or purchase leaked source codes, for a nominal price, to customize or create your own malware. Kaspersky also explains some important security measures to avoid falling victim to this threat.

Botnet is a network of malware-infected devices that can be controlled remotely and range from smart toothbrushes to advanced connected devices such as industrial equipment. A well-known example of a botnet is the Miraimade up of common electronic devices (such as security cameras and routers) that were infected and turned into a “zombie” network controlled by hackers. In 2016, it was used to take down major websites and online services, causing major outages.

“O Mirai is one of the most famous examples of a botnet. This group scans the Internet for IoT devices with default passwords to gain access to them and infects them. The infected devices then become part of the botnet, which can be remotely controlled to carry out various types of cyberattacks.”, explains Fabio Assolini, Director of Kaspersky’s Global Research and Analysis Team for Latin America.

Cybercriminals create botnets to sell. The process begins with infecting devices, using various types of malware, malicious infrastructures, and hacking techniques depending on the type of device to be infected. Once the botnet is formed, the fraudsters offer it to other criminals on the black market, and prices depend on the quality of the network. This year, the cheapest offers started at $99 and the most expensive reached $10,000.

There are also botnets available for rent. Prices range from $30 to $4,800 per month. “Rentable botnets enable activities such as illegal cryptocurrency mining or ransomware attacks. Open sources report that the average ransom is two million dollars. In contrast, renting a botnet is significantly lower and can pay off with just one successful attack,” adds Assolini. Since the beginning of 2024, Kaspersky experts have observed more than 20 botnet offers for rent or sale on dark web forums and Telegram channels.

Other options: leaked bots and custom development

In addition to purchasing a ready-made solution, there are cheaper ways to access botnets. Just as legitimate data can be leaked, cybercriminal groups can also release a botnet’s source code publicly. This access can be obtained for free or for a fee of $10 to $50, according to information from approximately 400 dark web and Telegram posts observed since early 2024. However, leaked botnets are considered an option for less sophisticated criminals, as they are more likely to be detected by security solutions.

To avoid threats related to cybercriminals’ activities on the Internet, Kaspersky recommends implementing the following security measures:

• Use o Kaspersky Digital Footprint Intelligence to quickly discover potential attack vectors available on your system. This also helps to improve awareness of existing cybercriminal threats, to adjust your defenses accordingly or take remedial action.
• Choose a reliable endpoint security solution. The company cites Kaspersky Next.
• To prevent your devices from becoming infected and becoming part of a botnet, always personalize your access credentials. All electronic devices leave the factory with a default login and password – and this information is public (it can be found in the user manual). When creating a new password, create a unique and complex code – with numbers, symbols, and upper and lower case letters. This good practice will make it harder for your device to be infected.