Protect your business from IoT Botnets

Gartner, Inc. forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020. With the number of IoT devices dramatically accelerating, there is corresponding increase in the number of botnets and cyber-attacks. Also read – Secure IoT Platform

A traditional botnet is a collection of compromised IT Systems (such as servers, network devices, computers), often referred to as zombies, infected with malware that allows an attacker to control them, carrying out tasks on their behalf. Botnet owners or herders are able to control these infected machines in the botnet by means of a covert channel such as Internet Relay Chat (IRC) or peer-to-peer. These control methods issue commands to perform malicious activities such as distributed-denial-of-service (DDoS) attacks, spam mail or information theft.

An IoT botnet is a collection of compromised IoT devices, such as cameras, routers, DVRs, wearables and other embedded technologies, infected with malware. This malware allows an attacker to control the devices, carrying out tasks just like a traditional botnet. Unlike traditional botnets, infected IoT devices seek to spread their malware, persistently targeting more and more devices. While a traditional botnet may consist of thousands or tens of thousands of devices, an IoT botnet is larger in scale, with hundreds of thousands of compromised devices.

Also read – MSSP’s strategy to monetize from IoT & 5G

HNS is an IoT botnet (Hide and Seek) originally discovered by BitDefender in January this year. As on Jan 26, 2018 – The botnet now controls 32,312 IoT devices. Also, the botnet seems to undergo massive development as new samples compiled for a variety of architectures have been added as payloads

According to one report, one Dark Web advertisement had a 50,000-device botnet for rent for a two-week duration to conduct one-hour attacks with five- to-10-minute cool downs in between at a rate of $3000-$4000.

According to the AT&T Global State of Cybersecurity report, 35% of organizations report that IoT devices were the primary source of data breaches in the past 12 months and 68% of them expect IoT threats to increase in the coming year. While 90% of organizations have conducted enterprise-wide cyber risk assessments in the past year, just 50% have conducted risk assessments specific to IoT threats.

Why attackers choose IoT botnets?

  1. Weak passwords (e.g. default credentials, exposed services)
  2. Always connected
  3. Adoption of Smart devices with low security standards
  4. Devices are rarely monitored and maintained
  5. Zero cost for attackers

How can organizations and users protect their assets from IoT botnets?

  1. Security Awareness – Its no-more the responsibility of cyber security professionals to be cautions and updating his/her skills. Any technocrat who are the users of smart devices [Smart TV, CCTV, Refrigerators, Sensors, Alexa, etc.] need to know who their assets can compromised and what precautions they’ve taken to prevent it.
  2. Encryption – In the context of botnets, encryption prevents data from being accessed or altered while it’s being sent. (By default, Telnet doesn’t encrypt any data, meaning that it’s possible for anyone to intercept data sent over the connection.) TLS/SSL is the mostly widely used protocol for encrypting data in-transit and turns plaintext data into unreadable ciphertext.
  3. Circle of Trust – A chain of trust is a set of guarantees that a piece of hardware is operating in a secure state. It starts with a piece of hardware that boots from its own immutable (meaning unchangeable) memory, ensuring that the software stored in that memory can’t be modified.
  4. Patch Management – Many users install devices and then never update them. Sometimes it’s because updating devices can only be done through annoying web interfaces, but frequently it’s just because people don’t think to do it.
  5. IoT botnet-killing platform – Radware introduces the ultimate IoT botnet-killing platform! The new DefensePro line has the most advanced, automated protection from IoT-based attacks, SSL-based threats and DNS and DDoS attacks.

Also read – Internet of Things: Opportunities to monetize