Post compromise – botnets and DDoS attacks
Once systems have been initially compromised via one of the Cybersecurity Usual Suspects, like unpatched vulnerabilities and/or social engineering as we discussed in this chapter, any information of value is siphoned from victims' systems to be sold or traded. At this point, attackers have full control of the systems they have compromised. Many times, victims' systems are enlisted into botnets and used to perform whatever illicit projects their operators desire, including DDoS attacks.
There's a lot that can be written about botnets, how they operate, and the projects they are typically employed on. In fact, entire books have been dedicated to botnets. I won't try to duplicate those here. But I do want to briefly mention a few things on this topic.
It goes without saying that botnets have garnered a lot of attention over the years. When I worked at Microsoft, the Microsoft Digital Crimes Unit (DCU) worked with law enforcement...