They're also increasing in number with the latest cybercrime report from ThreatMetrix suggesting that the number of attacks between January and March this year is up by over a third, compared with just the previous quarter. The report states that 311 million bot attacks were detected and stopped by its technology in the opening three months of 2016.
Now however, the cybersecurity researchers say that botnets are being used in a new way - to test stolen login details in a way which allows them to evade detection by security systems.
Rather than just overwhelming systems or using brute force in an effort to break in, this new kind of botnet operates in a more subtle way. This 'low and slow' - as researchers describe it - type of bot attack is ultimately used as means of testing stolen credentials purchased from cybercriminal forums on the dark web.
Taking its time over the course of a few days, the botnet attempts to log into thousands of accounts to determine which of the stolen login details are valid. Then when logins and passwords are found to be real, the fraudsters can then use them to attempt to log into elsewhere - such as e-commerce or banking websites - in an effort to make off with personal and financial data.
In total, Threatmetrix detected 264 million attacks of this type in the e-commerce sector alone, suggesting that cybercriminals see retail as something of a rich target when it comes to stealing data.
Given that so many users won't think twice about using the same email and password combination for their online retail logins as their actual email address, it's not hard to see why this could turn into a goldmine for hackers.
For privacy and security, change these iOS 9 settings right now