The rise of IoT zombies: What’s the danger of botnets?
Credit to Author: Trend Micro | Date: Wed, 01 Mar 2017 18:40:08 +0000
When the cyberattack on Dyn's servers happened in late 2016, several prominent websites were impacted. Organizations like Twitter and Netflix were thrown into disarray as engineers struggled to bring servers back online. The culprit? An Internet of Things-based botnet created using malware called Mirai.
All About Circuits contributor Robin Mitchell referred to this kind of cybercrime as a "zombie" botnet. Essentially, using the Mirai program, malicious actors were able to create a network of zombie devices out of around 100,000 connected objects. The botnet was possible because the IoT devices lacked security protections strong enough to withstand infiltration. In fact, these objects were most likely still using the default passwords set during manufacturing, which can be easy to break when challenged.
So what can be done about malicious programs like Mirai malware and others that seek to take advantage of the steadily increasing network of IoT-connected devices? What happens when the internet-enabled objects that were supposed to make our lives easier and "smarter" instead are being turned against us?
A growing problem
If the IoT remains vulnerable to attacks of this nature, things are certainly going to get interesting. IT research firm Gartner predicted that by 2020, there will be 20.8 billion connected objects in the IoT, ranging from smart home thermostats and light switches to connected tea pots, drones or any number of everyday objects. If all of these connected things suffer from the same security flaws as the ones that fell victim to the Dyn hack, that is an unmitigated disaster waiting to happen.
What's more, the source code for Mirai was released in September of last year, according to Wired, which has created somewhat of an arms race in terms of hackers developing new strains of the malware and gaining access to insecure IoT devices.
"[The issue is] accelerating because there's a wide-open, unprotected landscape that people can go to," Chris Carlson, vice president of product management at Qualys, told Wired. "It's a gold rush to capture these devices for botnets."
Some botnets are relatively harmless. One recently discovered network of fake Twitter accounts demonstrated this fact. According to Engadget contributor Steve Dent, at the end of January, a network of 350,000 spurious Windows Phone accounts was found that tweets only random Star Wars quotes … from the middle of the ocean. A team of graduate student researchers at the University College of London found the botnet completely by chance after pulling data from around 6 million English-speaking Twitter accounts and plotting their locations on a map. They noticed that quite a few of these accounts were originating from uninhabited areas, like the middle of the ocean or the desert, in two distinct regions.
Their conclusion was that someone had created a botnet of these fake accounts in the regions where people were most likely to have Twitter access. Bizarrely, the accounts only tweeted random passages from Star Wars novelizations, sometimes stopping in the middle of a word, with hashtags applied to words or phrases that didn't make much sense.
"The Star Wars botnet provides a valuable source of ground truth data for research on Twitter bots," said graduate student Juan Echeverria, the computer scientist at University College of London who found the botnet, according to PC Magazine.
No doubt, this botnet serves as an example of how difficult it is to detect botnets in everyday security searches. The students' research paper noted that they were "really lucky" to find the botnet, drawing attention to the fact that it truly was just good fortune that led them to the discovery.
So even though the Star Wars botnet is relatively harmless, it's a ready example of how difficult it is to pinpoint botnets and how much of a challenge it's going to be to protect company networks from zombie devices that have been co-opted by malicious programs like the Mirai malware.
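As an added illustration (not code from the article or from the researchers), the sketch below shows the kind of check the discovery described above implies: flag accounts whose geotags fall only in uninhabited areas, then keep the tweet sources shared by several such accounts. The bounding boxes, account names, coordinates and thresholds are constructed assumptions; a real pipeline would use a land or population mask instead of two boxes.

```python
from collections import defaultdict

# Constructed bounding boxes (lat_min, lat_max, lon_min, lon_max) standing in
# for a real land/population mask; both boxes are assumptions for this sketch.
UNINHABITED = {
    "open_ocean": (30.0, 45.0, -50.0, -20.0),
    "desert": (18.0, 28.0, 0.0, 25.0),
}

# Constructed sample: (account, tweet source label, latitude, longitude).
SAMPLE = [
    ("acct_a", "Windows Phone", 38.2, -41.0),
    ("acct_a", "Windows Phone", 33.9, -27.5),
    ("acct_b", "Windows Phone", 22.4, 12.8),
    ("acct_c", "Windows Phone", 41.7, -35.1),
    ("acct_d", "Web Client", 51.5, -0.1),   # ordinary city geotag
    ("acct_e", "Web Client", 36.0, -30.0),  # one-off, e.g. a ship passenger
]


def region_of(lat, lon):
    """Return the name of the uninhabited box containing the point, or None."""
    for name, (lat0, lat1, lon0, lon1) in UNINHABITED.items():
        if lat0 <= lat <= lat1 and lon0 <= lon <= lon1:
            return name
    return None


def suspicious_accounts(tweets, min_ratio=1.0):
    """Accounts whose share of geotags in uninhabited boxes is >= min_ratio."""
    total, hits, source = defaultdict(int), defaultdict(int), {}
    for account, src, lat, lon in tweets:
        total[account] += 1
        source[account] = src
        if region_of(lat, lon):
            hits[account] += 1
    return {a: source[a] for a in total if hits[a] / total[a] >= min_ratio}


def candidate_clusters(tweets, min_accounts=3):
    """Group suspicious accounts by tweet source; keep sources shared by many."""
    by_source = defaultdict(set)
    for account, src in suspicious_accounts(tweets).items():
        by_source[src].add(account)
    return {s: sorted(a) for s, a in by_source.items() if len(a) >= min_accounts}


if __name__ == "__main__":
    print(candidate_clusters(SAMPLE))
```

A single account tweeting from the ocean is not enough to report; the cluster step is what separates a lone traveller from many accounts sharing one client and the same implausible locations.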
So how do we mitigate these disasters?
The IoT continues to grow, and with it the issue facing companies and consumers alike: How do you protect against something so vast and powerful? It's certainly becoming the question of the century, and as more "zombie" botnets crop up to do the bidding of malicious actors around the world, people need to take another look at the way they view the security of their networks.
One of the options is simply to spend more on cybersecurity measures and ensure that companies are guarding their networks against intrusion by malware like Mirai. Gartner estimated that by 2018, spending on IoT security would reach $547 million – a lot of companies spending a lot of money trying to make sure their networks are safe.
It is also going to be key to focus on IoT device manufacturers themselves – they need to create better passwords for their connected devices and in general become more aware of the security risks facing their products. Trend Micro researchers noted that it's going to be critical moving forward for consumers and even regulators to put pressure on the manufacturers to improve their security practices – or face not being able to sell products at all as the general public becomes more informed about cybersecurity.
Home routers are another key aspect of this botnet discussion. According to Trend Micro researchers, since the home router is essentially the doorkeeper of all the new smart home technologies, it's critical to make sure this device is secure, lest it be transformed into a zombie that allows hackers to take control of your home.
"A smart but unsecure device connecting to the internet is much like inviting curious – and oftentimes malicious – guests into your home," wrote Trend Micro researchers Kevin Y. Huang, Fernando Mercês and Lion Gu. "Placing basic locks on the gateway simply won't cut it. Bad guys, given their recent foray into home networks, will always look for ways to break doors open. Worse, they infect these devices and turn them into zombies that can be ordered to do the cybercriminals' bidding."
When security codes don't cut it
Cybersecurity software, two-factor authentication and greater password awareness are all important aspects of strengthening your network protections against botnets. Until manufacturers step up their game and create better security practices, it's up to cybersecurity firms and the public to be more informed in their daily interactions with smart objects. Change your default passwords, secure your home router and encrypt your wireless connections.
The Dyn attack is only one example of the dangers of botnets and the challenges that face the IoT. Consumers and businesses alike need to make sure they're protecting their assets with cybersecurity software and other tools.