The word “botnet,” a combination of “robot” and “network,” describes a network of internet-connected devices that are controlled by a single attacker and usually used to perform Denial of Service attacks, exfiltrate data or send spam.
Botnets are the internet’s worst nightmare. They can be used to take down or disrupt some of the internet’s most sensitive infrastructures, such as DNS services. In 2016, one of the largest botnets, comprised of vulnerable IP cameras and home routers, was used to launch large denial of service attacks on DYN, a company responsible for providing DNS services to Fortune 500 companies. The attack took those companies’ services offline.
Why are Botnets Dangerous?
Botnets are highly popular among threat actors because they’re easy to amass. IoT proliferation and the lack of security governance have made it possible for hackers to exploit known, yet unpatched, vulnerabilities in hundreds of thousands of internet-connected smart devices.
The value of these compromised devices far exceeds the information hackers can collect from them, as they can all be simultaneously instructed to access a single website or service. When hundreds of thousands of bots access the same webpage or online resource, they create a huge volume of traffic that the website has to handle, and place the website under stress as it has to respond to all those requests.
Imagine the daily traffic of an average website as you having a conversation with 2 people at the same time. When they ask you something, you reply to them. However, when 20 or 50 people ask you questions all at the same time, you’ll have a hard time understanding them, let alone answering them back. In the end, you’ll probably cover your ears and simply stop responding to everyone. It’s the same thing with hundreds of thousands of devices that all “talk” to a single website or online service. The process is called a denial of service (DoS).
It’s dangerous because defenses against it are limited, and not all of them are very effective. Sometimes, threat actors threaten companies with a sustained denial of service that would cause a massive outage for the organization, and promise to stop the attack if a ransom is paid.
Other attacks can simply take down a critical internet service, such as DNS, as with the Mirai IoT botnet that took down DYN. This is a far more dangerous type of attack as it affects a critical service that allows us to use domain names instead of typing in IP addresses.
The IoT Threat
Botnets comprised of IoTs are particularly worrisome, as attackers can exploit known vulnerabilities for months or even years on end, without fearing either that the vulnerabilities will be patched or that users will get a security solution designed to secure the devices.
While exploiting vulnerabilities in IoTs is a common attack technique, bruteforcing passwords is also very effective and simple, and potentially promises full control over the device. Bruteforcing is the act of trying out every possible username and password combination, until a successful one is found. Hence, it’s important that IoTs are always secured by strong, unique, and lengthy passwords that cannot be easily guessed.
Since there are currently no universally applicable security guidelines and regulations for building security into smart devices, manufacturers often secure them with default passwords, build in hidden usernames, or simply enable remote control over the internet. Consequently, IoTs present a serious threat to both the home network security of users – as hackers can use a vulnerable device to make their way onto other devices within your home – and to the entire internet infrastructure, if they’re used to take down critical services.
IoT Security and Best Practices
To avoid having smart devices potentially compromised and enslaved into botnets, it’s important to change default passwords and make sure they’re difficult to guess. This would make bruteforcing attacks far less successful.
Before purchasing any smart device, it’s advisable to research whether the manufacturer has a policy for issuing security updates. Even IoT devices need the latest security and software updates to prevent cyber criminals from exploiting known vulnerabilities.
There’s also the option of trying out a home network cybersecurity solution that can identify vulnerable devices, protect them against cybercriminals that want to remotely dial into them, and always make sure that none of them broadcast sensitive information to unknown parties. These IoT security solutions are both easy to use and very effective at protecting any internet connected home network smart device, with minimum effort and maximum efficiency.
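The password, remote access and update checks described above can be run over a list of your own devices. The following is an added example, not part of the original article; the inventory, field names, default credential pairs and the 12-character threshold are all constructed assumptions.

```python
# Added example: audit a home device inventory against the practices above.
# Device names, field names and credential pairs are constructed for illustration.
from collections import Counter

# Constructed sample of factory-default pairs; real devices ship with many others.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
MIN_LENGTH = 12  # assumed threshold for a "lengthy" password


def audit(devices):
    """Return {device name: [findings]} for every device with at least one issue."""
    reuse = Counter(d["password"] for d in devices)
    report = {}
    for d in devices:
        findings = []
        if (d["username"], d["password"]) in FACTORY_DEFAULTS:
            findings.append("factory default credentials")
        if len(d["password"]) < MIN_LENGTH:
            findings.append("password shorter than %d characters" % MIN_LENGTH)
        if reuse[d["password"]] > 1:
            findings.append("password reused on another device")
        if d["remote_admin"]:
            findings.append("remote control over the internet enabled")
        if not d["vendor_updates"]:
            findings.append("no vendor security update policy")
        if findings:
            report[d["name"]] = findings
    return report


# Constructed inventory (not real devices).
INVENTORY = [
    {"name": "hallway-camera", "username": "admin", "password": "admin",
     "remote_admin": True, "vendor_updates": False},
    {"name": "home-router", "username": "owner", "password": "T7#vale-Quartz-91!",
     "remote_admin": False, "vendor_updates": True},
    {"name": "smart-plug", "username": "user", "password": "sunflower1",
     "remote_admin": False, "vendor_updates": True},
    {"name": "baby-monitor", "username": "user", "password": "sunflower1",
     "remote_admin": True, "vendor_updates": True},
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name + ": " + "; ".join(findings))
```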