IoT BOTNET Attacks - The Peril & The Power

IoT BOTNET Attacks – The Peril & The Power

*The Year 2008*

Let’s turn back to history and recall the scene when the protagonist Sylvester Stallone in movie Rambo entered to liquefy thousands of snipers with his mounted Gatling gun, and thus the abducted groups of missionaries held captive in a remote area were rescued.

*The Year 2018*

What when the same atrocious situation is faced in the cyber era? The era where the number of connected devices and equipment is increasing and this trend won’t stop. The online era which conjures up the same scenario, where the guns are replaced by botnet attacks and the ninja is a bot.

Cisco predicts by 2020 there will be 50 billion networked devices worth $300 billion

But,

No matter the Internet Of Things (IoT) carries THE PROMISE of efficiency and innovation, but it even brings THE PERIL of threats

So what does a bot mean and how it impacts IOT security?

The bot is an application that implements automated tasks over the web, the task could be persistent or redundant and thus the name bot (short name for Robot) comes in handy.

Bots can be good or bad, good bots like copyright bots, data bots, or spider bots may be THE POWER to you but bad bots can come as a part of a virus or worm and manipulate the complete system to give rise to the denial of service (DoS) attacks.

A new term, DoS? What can it be? A DoS attack results from one device which convinces a legitimate user to stop using a web server. In DDoS (Distributed Denial of Service) attack the server is targeted by different devices. The bandwidth is consumed more and takes down the server by burdening with boatloads of data.

So now ‘How does IOT Devices Get Infect?

The bot/attacker finds its way through innumerable unsecured devices that are in being used. The smart device can be your smart AC, smart bulb, a smart cup or more that gives you THE POWER of convenience.

The attack is silent; you won’t realize that the complete control over your machine is taken. The remote attacker is now in charge of all controls and then it connects to a different branched network of captured devices.

Well, this is known as Botnet attack.

A crunching botnet attack by Mirai in 2016 had badly impacted the internet infrastructure which disrupted the access to known websites like Amazon, PayPal, Twitter, Netflix and more. The new IOT botnet Reaper based on few portions of Mirai’s code is developed with a goal to not just guess the passwords but attack to known security flaws incorporated in the device. The internet experts acclaim that such attacks will increase unless you work on the IOT security.

The stats from Cisco acclaim that the number 10.4 million DDoS attacks in 2017 will change to 17.4 million in 2020

However, did you pay importance to the fact that why just IoT devices are considered for these attacks? The main problem lies in its core making and developing – antimalware, antivirus or firewalls are such techs that cannot be installed on mere TV, Camera or a door lock.

The increase of IOT gadgets and the need of automation, the most prevalent question now is – how can you save the IoT devices from botnet attacks?

We are surrounded by IoT devices that are readily available from manufacturers, who just focus on functionality rather than the security measures

The need for convenience is obvious but you should be aware of security measures while buying an IOT gadget. Checklist the rudimentary security measures offered by the manufacturer, as the level of ease and inventiveness should not be the only deciding aspects. Cheap price should not be even the reason for the attraction.

 Be alert to the devices offered by manufactures:-

  • Manufactures are carried away by trend and demand, thus gadgets with debilitated security, having data transformation over insecure services like FTP, Telnet and more which makes the password breaking easily are offered. The manufactures now need to take a prudent decision and consider it a necessity for implementing robust security measure.
  • The time a gadget is attacked by a botnet, it naturally consumes a lot of bandwidth. When the ISP witnesses this, they may start charging a penny to the consumer for consuming excess bandwidth or inform the customer that gadget has been affected and thus disable the system. So now when there is no network connection, the device is of no use for DDoS attacks.

Probably simple IoT devices can act as vulnerable to security and become ground for DoS or DDoS attacks. Hence, preventive measures are a must for your smart devices.

Author Bio:

Khushboo Jobanputra is an ambitious, forward-thinking woman having first-rate global exposure in web content writing, digital marketing at CMARIX Technolabs. ‘Exceeding expectations’ is her professional motto, probably that’s because catering the innovation-centric contents has been her key strengths over the years. Other than the work, she loves to travel, create the creativity, and is a film buff.