Friday 21st of October, 2016 – Domain Name System (DNS) provider Dyn was the subject of a major cyber-attack. The incident consisted of two major Distributed Denial of Service (DDoS) attacks against its managed DNS infrastructure. These attacks proved a major setback for Dyn, as they crippled not only Dyn's network infrastructure but also that of its prominent clients. It was the biggest DDoS attack ever recorded and involved at least 100,000 infected devices.
After careful analysis, the malware used in the attack was identified as the infamous Mirai botnet. Mirai is a very dangerous piece of malware built specifically to target the various CPU architectures found in IoT devices, and hackers use it to cripple large networks.
Botnets mean Trouble
The word ‘botnet’ is derived from the words ‘robot’ and ‘network’. A botnet is a collection of internet-connected devices, from smartphones to video cameras to desktops, that have been infected through a breach and whose control lies with a third party, usually hackers or cyber criminals.
For example, your smartphone, if infected by malicious software, can become part of a botnet and be used to launch bigger attacks that cripple larger networks.
The collection of infected devices in a botnet can run into the thousands while still having a very systematic structure. At the top lies the bot-master, or master bot, which keeps track of the number of infected machines or devices and the kind of task they must perform. Then there are bot-managers, which relay information from the bot-master to the bots below. Bot-managers typically accept commands from the master bot and spread these to the bots; they also report on the number of bots infected. At the bottom level are the bots, or zombie computers: infected devices or computers that are used to perform one kind of malicious attack or another. Above this whole structure is the hacker, who has complete control of the entire network.
Why are botnets so famous, or rather infamous?
Botnets are a definite threat to today's security systems and are known to easily penetrate some of the most robust security systems in the world. Botnets are a favorite of cyber criminals, and their growing popularity stems from the fact that they can infiltrate any internet-connected or IoT device, from refrigerators to corporate mainframes – no wonder they are actively used to cripple systems and disrupt major operations.
Botnet and the impact on IoT
Now comes the big question – what kind of impact do botnets have on IoT systems?
The basic idea of a botnet is to have as many infected devices or computers as possible, and the IoT network is easily the most vulnerable of all networks. Because an IoT network or system is already a vast network of numerous internet-connected devices, it becomes the most favoured target – all a hacker needs to do is breach and infect one device!
In the botnet world, size does matter. The larger the number of infected devices, the bigger the botnet; the bigger the botnet, the larger the impact of the attack. This has a massive impact on an IoT system and its network of connected devices.
Imagine this: an industrial firm using thousands of sensors, beacons and other connected devices falls prey to a botnet attack simply because the hacker was smart enough to breach the network via the unprotected smartphone of an employee. The damage can be massive, crippling systems and halting machine functions. It could also lead to physical damage to the industrial infrastructure, resulting in heavy financial losses.
What makes a botnet an even more dangerous tool is the fact that sophisticated versions can be placed in stealth mode, making them undetectable until it is too late for remedial measures. One of the reasons they cannot be easily detected is that they use very little computing power so as not to alert the user. Some of the latest botnets are sophisticated enough to update their ‘behaviours’ so as to thwart detection by cyber security systems.
How to thwart botnet attacks?
Security is of paramount importance in the fight against botnets. Botnet invasions can have a devastating effect on IoT systems and having sophisticated cyber security systems in place is the only way to protect IoT systems from such attacks.
Security needs to be tightened starting at the device level. Every device that is part of an IoT network, be it a smartwatch, a smartphone or even a coffee maker, needs to have updated security software and highly secure passwords. Device manufacturers need to take into account the long-term functionality of IoT devices and build devices capable of supporting complex and evolving security algorithms. Manufacturers should also, with the help of software vendors if need be, provide long-term firmware update support so that devices are continuously enhanced to withstand cyber-attacks. Security should also be robust at the platform level, where hackers deploy malware to infect and breach the platform.
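One way to check the device-level points above (default passwords, stale firmware, ended vendor support) across a device inventory. This is an added example, not part of the original article; the CSV columns, device names and the 365-day firmware threshold are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not from the article); all column names are assumptions.
INVENTORY_CSV = """device,kind,firmware_released,vendor_support_ends,credentials
cam-lobby-01,ip-camera,2014-03-10,2015-12-31,factory-default
sensor-line-7,vibration-sensor,2016-08-01,2021-06-30,changed
coffee-maker-2,appliance,2015-01-20,2019-01-01,factory-default
gateway-plant-a,iot-gateway,2016-09-15,2022-12-31,changed
"""

MAX_FIRMWARE_AGE_DAYS = 365  # assumed policy threshold, adjust to your own


def audit(csv_text, today):
    """Return {device: [findings]} for devices that break the device-level rules."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        # Rule 1: the password shipped by the manufacturer must have been changed.
        if row["credentials"].strip().lower() == "factory-default":
            findings.append("factory-default credentials still in use")
        # Rule 2: installed firmware must be reasonably recent.
        age = (today - date.fromisoformat(row["firmware_released"])).days
        if age > MAX_FIRMWARE_AGE_DAYS:
            findings.append(f"firmware is {age} days old")
        # Rule 3: the vendor must still be shipping firmware updates.
        if date.fromisoformat(row["vendor_support_ends"]) < today:
            findings.append("vendor firmware support has ended")
        if findings:
            report[row["device"]] = findings
    return report


def worst_first(report):
    """Order devices by number of findings so the riskiest are fixed first."""
    return sorted(report, key=lambda d: (-len(report[d]), d))


if __name__ == "__main__":
    result = audit(INVENTORY_CSV, today=date(2016, 10, 21))
    for device in worst_first(result):
        print(device, "->", "; ".join(result[device]))
```

Devices with no findings are left out of the report, so an empty result means every inventoried device passes all three rules.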
IoT is getting a lot of attention not just because it is an interesting technology but also because it has shown proven benefits for businesses. At the same time, IoT is also catching the attention of cyber-criminals and hackers. These hackers now have a larger surface area to attack, courtesy of the IoT network, and botnets are the weapons being used to cripple large networks via infected IoT devices. The way to safeguard an IoT network is to have a robust security system in place from the device to the platform and beyond to the server or cloud, and this is the area businesses need to focus on if they wish to get the best out of their deployed IoT network.