With the rise of IoT botnet attacks, it’s crucial to understand them and mitigate the threat they pose to enterprises. Let’s have a look at the latest Mirai IoT botnet and how to prevent such massive-scale botnet attacks.
The exponential rise of the IoT spectrum has made CIOs focus on the cost efficiency and utilization of this technology, often ignoring the security aspects. This in turn has left numerous IoT systems and devices on site with various security vulnerabilities. Weaknesses such as easily guessable default passwords, lack of security updates, unsecured File Transfer Protocol (FTP), and other factors pose a high threat of critical data theft.
On one side, the IoT trend presents the comfort and automated features of IoT, like controlling the lighting and audio/video systems in a smart city. On the other side, hackers are busy identifying such targets for specific security vulnerabilities in IoT devices and targeting them with their malicious bots. For a CISO/CSO, it’s not strange to see these two perspectives and apply their mind to both.
The event that occurred in 2016 gives us a better understanding of the devastation caused by IoT botnets. The high-profile botnet attack on the DNS service provider Dyn involved multiple DDoS attacks targeting systems, services and Internet platforms across Europe and North America. Online services and applications such as GitHub, Twitter, Spotify, and Amazon went offline, making services unavailable to millions of users. Investigations later revealed that the Mirai malware, which is an IoT botnet, was responsible for the infection of millions of IoT connected devices such as residential gateways, IP cameras, network printers, and baby monitors, involving 10 million different IP addresses. After the initial attack, another attack that used Mirai malware across several botnets tried to take the entire country of Liberia offline. One would shudder to know that each IoT botnet delivered 500 Gbps of disruptive data for several minutes, which is massive in every dimension.
One of the real-time threats to enterprises is the case of hackers controlling the data center’s temperature sensor through IoT climate control devices. In this way, hackers can turn the temperature to its maximum value, causing mayhem for the devices in the data center. In the future, it wouldn’t be a surprise if hackers gained absolute control over remote IoT-based camera devices installed in enterprises and put the entire perimeter under their surveillance. The hard reality is that hackers are constantly evolving and learning the optimal time to take control of IoT devices and deliver malicious remote attacks on a massive scale.
Preventing IoT devices from becoming digital agents of botnets and exposing your enterprise to more nefarious threats requires diligence. The recent DDoS attacks targeting numerous IoT devices have created a sense of urgency for security in the IoT ecosystem.
The basic security of IoT devices can be ensured by CISOs deputing a dedicated security team to review IoT systems and devices for potential vulnerabilities to malware. Obviously, the security review has to be done before the procurement process. Additional security testing has to be done to make sure that every IoT device has the option to change the user login credentials rather than having a permanent default username and password. Here, it’s worth noting that if some IoT-based devices are unpatchable, they should be discarded entirely, and CISOs should not sacrifice security for cost. Another security process is to have a robust password policy of composing strong passwords and changing them at random and regular intervals.
One of the ways IoT-based malware affects a device is through a backdoor created by the malware writers. As I see it, CISOs should automate and manage security updates on every IoT device, in addition to the various systems and networks. This process in turn checks and removes the potential for IoT botnets to mount successive attacks that compromise user and system data, user device control, and even user privacy, as these devices are used for surveillance.
I have always believed that encryption is one of the key components of security. Enabling protocols like HTTPS and SSH to support encryption and strong authentication always minimizes the chances of malware attack. Of course, the Shodan database is a useful tool for checking if a particular connected IoT device is vulnerable to malware attacks. Disabling services and processes that are not essential, such as Telnet, FTP or similar services on devices, is an effective way to secure IoT devices that may be vulnerable to botnets. Deployment of security gateways is an essential process to inspect, audit, and control network communications, and to check the integrity of data transfers. Additionally, IoT management hubs and services should be secured to mitigate the risks of IoT botnets.
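The checks described in the paragraphs above (changeable default credentials, patchability, automated updates, Telnet/FTP disabled, SSH/HTTPS available) can be run over a device inventory before and after procurement. The following is an added example, not part of the original article; the CSV column names and the sample devices are constructed for illustration.

```python
import csv
import io

# Constructed sample inventory (not real devices); column names are assumptions.
INVENTORY_CSV = """name,open_ports,default_credentials,patchable,auto_update
lobby-camera,23;80,yes,yes,no
hvac-sensor,22;443,no,yes,yes
label-printer,21;23;80,yes,no,no
branch-gateway,22;80;443,no,yes,no
"""

CLEARTEXT = {21: "FTP", 23: "Telnet"}   # services the article says to disable
ENCRYPTED = {22: "SSH", 443: "HTTPS"}   # protocols the article says to enable


def is_yes(value):
    return value.strip().lower() == "yes"


def audit_device(row):
    """Return the list of findings for one inventory row."""
    ports = {int(p) for p in row["open_ports"].split(";") if p.strip()}
    findings = []
    if not is_yes(row["patchable"]):
        findings.append("unpatchable: discard the device")
    if is_yes(row["default_credentials"]):
        findings.append("default login still set: change credentials")
    for port in sorted(ports & set(CLEARTEXT)):
        findings.append(f"{CLEARTEXT[port]} (port {port}) exposed: disable the service")
    if not ports & set(ENCRYPTED):
        findings.append("no SSH/HTTPS interface: enable an encrypted protocol")
    if not is_yes(row["auto_update"]):
        findings.append("security updates not automated")
    return findings


def audit_inventory(csv_text):
    """Map device name -> findings, keeping only devices that fail a check."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_device(row)
        if findings:
            report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```
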
Clear and Present Danger
It’s reported that by the year 2020, there will be 200 billion connected digital devices in the world. The rate at which IoT devices are growing is exponential, and in the future a DDoS attack may reach a magnitude of 10 Tbps, which could take out a major portion of a country. Such a massive-scale attack could render several online services unavailable to millions of legitimate users.
The next generation of botnets will be designed to exploit every vulnerability in IoT devices and spread rapidly across continents. Thus, the onus is on everyone involved in the ecosystem to secure IoT devices, systems and networks to harness the full benefits of IoT technology.