A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company. Micro-botnets are often used in corporate espionage. Typically, the bots will monitor the enterprise network to identify key individuals and assets and target them for attack. The bots are used to seek out information like financial authentication passwords or data that can be sold to competitors.
Because there are usually fewer than one hundred computers to control in a micro-botnet, attackers can fine-tune an exploit to circumvent an enterprise intrusion detection system (IDS) or firewall. A successful micro-botnet infiltration often depends on social engineering because it's much easier to gain access and hide a small botnet's activities when the attacker has legitimate credentials. Red flags indicating the presence of a micro-botnet include sudden spikes relative to an individual's normal traffic patterns or a rapid escalation of a specific end user's permissions.
According to Gunter Ollmann, VP of research at Damballa, small botnets account for 57 percent of all botnets.
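The two red flags named above (a spike against an individual's own traffic baseline, and rapidly accumulating permissions) can be expressed as detection logic. This is an added example, not part of the original article; the sample data is constructed, and the log fields, user names and thresholds (a deviation score of 6, three grants within 24 hours) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median
# Constructed sample data (not from any real network).
TRAFFIC = {  # daily outbound MB per user, oldest first; last value is today
    "alice": [120, 135, 110, 128, 140, 125, 131],
    "bob":   [300, 280, 310, 295, 305, 290, 2400],
}
GRANTS = [  # (timestamp, user, privilege) from a hypothetical IAM audit log
    ("2024-03-01T09:00", "alice", "wiki-editor"),
    ("2024-03-04T10:15", "bob", "finance-share-read"),
    ("2024-03-04T10:40", "bob", "payroll-db-read"),
    ("2024-03-04T11:05", "bob", "domain-admin"),
    ("2024-03-20T14:00", "alice", "vpn-user"),
]

def traffic_spikes(traffic, threshold=6.0):
    """Flag users whose latest value is far above their own median/MAD baseline."""
    flagged = {}
    for user, series in traffic.items():
        history, latest = series[:-1], series[-1]
        if len(history) < 3:  # too little history to form a baseline
            continue
        base = median(history)
        mad = median(abs(x - base) for x in history) or 1.0
        score = (latest - base) / mad
        if score > threshold:
            flagged[user] = round(score, 1)
    return flagged

def rapid_grants(grants, window=timedelta(hours=24), limit=3):
    """Flag users who receive `limit` or more new privileges within `window`."""
    by_user = defaultdict(list)
    for ts, user, priv in grants:
        by_user[user].append((datetime.fromisoformat(ts), priv))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        for i in range(len(events) - limit + 1):
            if events[i + limit - 1][0] - events[i][0] <= window:
                flagged[user] = [p for _, p in events[i:i + limit]]
                break
    return flagged

def correlate(traffic, grants):
    """Users showing both red flags are the highest-priority leads."""
    return sorted(set(traffic_spikes(traffic)) & set(rapid_grants(grants)))
if __name__ == "__main__":
    print(correlate(TRAFFIC, GRANTS))
```

Baselines are computed per user rather than network-wide because a small botnet's traffic is unlikely to stand out in aggregate volume.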