Question 279 - N10-008 discussion

A botnet is a network of compromised devices that are remotely controlled by a maliciousactor, usually for the purpose of launching distributed denial-of-service (DDoS) attacks, sendingspam, stealing data, or performing other malicious activities1.A malware infection is a common way of compromising internet-connected devices and makingthem part of a botnet. Malware is any software that is designed to harm or exploit a device, anetwork, or a user.Malware can be delivered through various methods, such as phishing emails,malicious downloads, drive-by downloads, or removable media2.Malware can infect a deviceand allow a remote attacker to take control of it, monitor its activities, or use its resources3 The use of default credentials is another common way of compromising internet-connecteddevices and making them part of a botnet. Default credentials are the username and passwordcombinations that are preconfigured by the manufacturer or vendor of a device, such as arouter, a camera, or a printer. Default credentials are often easy to guess or find online, andmany users do not change them after setting up their devices. This makes the devicesvulnerable to unauthorized access and manipulation by attackers who can scan the internet fordevices with default credentials and add them to their botnet .A deauthentication attack is a type of wireless attack that aims to disconnect a legitimate userfrom a wireless network by sending spoofed deauthentication frames to the user's device orthe access point (AP). A deauthentication attack can cause a denial of service, disrupt networkcommunication, or facilitate other attacks, such as capturing the handshake during thereconnection process. However, a deauthentication attack does not compromise the device ormake it part of a botnet.IP spoofing is a technique of forging the source IP address of a packet to make it appear as if itcame from a different device or location. IP spoofing can be used to bypass security filters, hidethe identity of the attacker, or launch reflection or amplification attacks. However, IP spoofingdoes not compromise the device or make it part of a botnet, unless it is combined with othermethods, such as malware infection or exploitation of vulnerabilities.Firmware corruption is a condition where the firmware of a device, which is the software thatcontrols its basic functions and operations, becomes damaged or altered due to variousreasons, such as power surges, hardware failures, malicious attacks, or improper updates.Firmware corruption can cause the device to malfunction, lose data, or become inaccessible.However, firmware corruption does not compromise the device or make it part of a botnet,unless it is caused by a malicious attack that replaces the firmware with a malicious version.A dictionary attack is a type of brute-force attack that tries to guess the password of a user or adevice by using a list of common or likely passwords, such as those found in a dictionary, adatabase, or a previous breach. A dictionary attack can be used to compromise a device andmake it part of a botnet, but only if the device has a weak or predictable password. Therefore, adictionary attack is not a direct way of compromising a device, but rather a means of exploitingthe use of default or weak credentials.