IoT Botnets Grow Stronger and Larger
We are now living the reality of connected things, where billions of devices carry the promise of saving us time on mundane tasks and better organizing our lives. This is also a reality where hackers can exploit vulnerabilities and lax security standards to create botnets with tens of thousands of smart devices.
An internet-of-things botnet is simply a network of gadgets that are no longer under the sole control of their owners; it serves unlawful purposes, such as launching denial of service attacks, mining cryptocurrency, or acting as a proxy server that carries malicious traffic or commands. Since the IoT segment continues to evolve rapidly, and it does so ungoverned by general security standards, cybercriminals waste no opportunity to get their finger in the pie.
Mirai represents a milestone in leveraging rogue smart devices, showing that their strength is in numbers and that their security context allows hijacking a huge army with little more than port scans and default credentials. After its code was released to the public, hundreds of variants spawned with denial of service (DoS) as the primary attack goal.
In the past four months, names like Satori, Mirai Okiru, Reaper, Hide ‘N Seek, and BrickerBot have made media headlines. Although they may differ in purpose and the way they hijack IoT devices, they all share code from the original Mirai. However, news outlets bring into the spotlight only the operations that differ from the rest, so the number of botnets running in the shadows is much larger.
Smart gadgets are not powerful on their own, but thousands of them working together toward the same goal do yield incredible results. In its 2017 cybersecurity report, Cisco says that botnets of smart gadgets are “growing in both size and power, and are increasingly capable of unleashing powerful attacks that could severely disrupt the Internet.”
The analysis reveals that distributed denial of service (DDoS) is still the main purpose of IoT botnets, but it notes a shift from attacking network bandwidth to going after web applications, which are more specific targets that lead to the same service disruption results. The explanation for this is that IoT botnets are “less resource-intensive than PC botnets to build,” which allows adversaries to “invest more resources in developing advanced code and malware.”
Depriving hackers of the opportunity to hijack smart gadgets requires an effort from the vendors that should be backed by an equal effort from the users. Warnings to change default credentials and vulnerability patch releases are no good if users do not follow through by setting a strong access password and installing the latest fixes. Also, in the absence of proper security regulations, it would be better to choose a product from a distributor with a track record of adopting healthy security standards.
Image credit: geralt