If You Build It, They will Come - IoT Driven Botnet Attacks

If You Build It, They Will Come - IoT Driven Botnet Attacks

The internet has revolutionized the way we live, the way we do business and the way we stay “connected.” Since the birth of the internet, technological advances have allowed us to mobilize our communications, automate everyday activities, enhance user experience and create an interconnected world in which we have come to rely on.

Internet-based home automation devices, such as video baby monitors, remote thermostat programming, home surveillance and security kits, connected lighting products, etc., are transforming how we manage our day-to-day lives. Remote management of these devices, through smartphones, online portals and the like has extended to every home, car, business, building and system in the world. Not many would argue that the term “IoT” is sometimes overused, or even misunderstood, but it certainly represents a growth spurt in the evolution of technology.

Regardless of term, or use case, it’s well-known that cybercriminals can hack into any vulnerable device connected to the internet to remotely take control of that device and enslave it into a botnet that is part of a distributed denial-of-service (DDoS) attack. Given the recent, ongoing and exponential increase of devices connected to the IoT, it is becoming easier for hackers to increase the size and frequency of DDoS attacks.

The average user of connected devices, whether that be your smart home, smart appliances, smart car or smart office, does not typically pay close attention to software updates or critical patching schedules. They also don’t quite understand how these devices are connected or sharing data. IoT devices often have just enough processing power to deliver their required functionality, with security as an after-thought at best or often not present at all. Combine this with the fact that access control passwords are often left at their factory defaults, or users choose alternatives which are easy to crack using brute force techniques. The human component is often underestimated as a contributor to an overall lack of security of the IoT.

In the case of DDoS attacks, the reality is that any device, infrastructure, application, etc. that is connected to the internet is at risk for attack, or even more concerning, to be recruited as a bot in an army to be used in DDoS attacks against unsuspecting victims. Botnets, also known as “zombie armies,” can be deployed on thousands — if not millions — of connected devices and can wreak havoc - spam attacks, spread malware or launch DDoS attacks. 

Commonly used DDoS toolkits abuse internet services and protocols that are available on open or vulnerable servers and devices, to create a class of attacks that are virtually impossible to trace back to the originating attacker, known as amplification DDoS attacks. This raises serious concerns that the sheer number of devices in the IoT represents a totally new type of attack surface that could become wildly out of control in very short order. 

There is really no limit to the potential size and scale of future botnet-driven DDoS attacks, particularly when they harness the full range of smart devices incorporated into our IoT. By using amplification techniques on the millions of very high bandwidth capable devices currently accessible, such as baby video monitors and security cameras, DDoS attacks are set to become even more colossal in scale.

The bottom line is that attacks of this size can take virtually any company offline – a reality that any business must be prepared to defend against. And it isn’t just the giant attacks that organizations need to worry about. Before botnets are mobilized, hackers need to make sure that their techniques are going to work. This is usually done using small, sub-saturating attacks, which most IT teams wouldn’t even recognize as a DDoS attack. Due to their size – the majority are less than five minutes in duration and under 1 Gbps – these shorter attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally configured with detection thresholds that ignore this level of activity.

This allows hackers to perfect their attack techniques, while remaining under the radar, leaving security teams blindsided by subsequent attacks. If these techniques are then deployed at full scale with a botnet, the results can be devastating.

Preventing the IoT botnet and protecting against attacks

Preventing and mitigating the exploitation of the IoT is going to take quite a concerted effort. Device manufacturers, firmware and software developers need to build strong security into their devices. Installers and administrators need to change default passwords and update patch systems – if this is even possible – when vulnerabilities do arise.

Organizations must also be better equipped to deal with the inevitable DDoS attack – IoT related, or otherwise. In the early days of DDoS attacks, more than two decades ago, operators handled an attack with a null route; i.e., a remote trigger blackhole. If they detected something going awry, they would look at the victim – the IP that was targeted – and null route everything associated with the victim. This got the attack traffic off the operator’s network and stopped the collateral damage against other unintended victims. However, it sacrificed the victim in the interest of keeping the rest of the network viable.

The DDoS mitigation landscape then evolved to a slightly more advanced technique, which involves routing the attack traffic to a scrubbing center, where human intervention and analysis is typically required to remove the attack traffic and return the legitimate traffic to its intended target. This process is resource-intensive and expensive. Plus, there’s often a lengthy delay between detection of the attack, and when the actual remediation efforts begin.  

The DDoS protection of today requires robust, modern DDoS defenses that will provide both instantaneous visibility into DDoS events as well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques. Automatic DDoS mitigation is available today to eradicate the damage of DDoS and eliminate both the service availability and security impact. If desired, these solutions can be paired with an on-demand scrubbing solution.

This type of effective DDoS defense can also be deployed as a premium DDoS Protection as-a-Service (DDPaaS) offering from an upstream internet provider. Carriers are in a unique position to effectively eliminate the impact of DDoS attacks against their customers by surgically removing the attack traffic transiting their networks, before flowing downstream. Providing such a service not only streamlines the operations of providers, giving them increased visibility and making their services more reliable, but drastically reduces the impact of IoT driven DDoS attacks.

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Only 35 Percent of Companies Include Cybersecurity Teams When Implementing AI

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3