Internet of Things Devices Becoming Targets for Botnets

The Internet of Things (IoT) refers to the billions of everyday devices that are now connected to the internet. This includes everything from smart home assistants and security cameras to wearables and even medical devices. As more and more of these IoT devices enter our homes and workplaces, they are increasingly being targeted by cybercriminals to form botnets.

What is a Botnet?

A botnet is a network of compromised internet-connected devices that can be controlled remotely by a cybercriminal. The cybercriminal, also known as the bot herder, infects devices with malware and establishes a command and control server. Once infected, these devices become bots that can be used to launch various cyber attacks without the owners’ knowledge.

Botnets are most commonly used to launch Distributed Denial of Service (DDoS) attacks. By flooding a target with traffic from thousands of bots, the attacker can overwhelm a website or online service and take it offline. Botnets can also be used to send spam emails, steal data, or mine cryptocurrency.

How are IoT Devices Targeted?

Many IoT devices have weak default passwords and lack basic security features. This makes them prime targets for bot herders looking to grow their botnets. Here are some of the ways IoT devices get infected:

  • Default/weak passwords – Botnets like Mirai scan the internet for devices with factory default or easy-to-guess passwords. Once logged in, they infect the device.

  • Outdated software – Manufacturers rarely issue security patches for IoT devices. Outdated software with known vulnerabilities provides an open door for attackers.

  • Lack of encryption – Unencrypted network traffic allows attackers to intercept credentials and take control.

  • Insecure web or mobile apps – Apps with vulnerabilities can be exploited to gain access to IoT devices remotely.
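The default-password scanning described in the first item leaves a recognizable trace in a device's login log: one source failing logins against several account names in quick succession. The following is an added example, not part of the original article, that flags such sources in OpenSSH-style log lines; the sample lines are constructed and the thresholds (`min_attempts`, `min_users`) are assumed values to tune for your own network.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd log format (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 02:14:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:02 cam01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar  3 02:14:03 cam01 sshd[813]: Failed password for invalid user support from 203.0.113.7 port 40125 ssh2
Mar  3 02:14:04 cam01 sshd[814]: Failed password for invalid user guest from 203.0.113.7 port 40131 ssh2
Mar  3 02:14:05 cam01 sshd[815]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar  3 08:30:11 cam01 sshd[901]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 08:30:19 cam01 sshd[901]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
"""

# Matches failed logins for both existing and non-existent ("invalid user") accounts.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def find_credential_scanners(log_text, min_attempts=5, min_users=3):
    """Return {ip: {"attempts": n, "users": [...]}} for sources that look like
    automated credential guessing: many failures spread across several accounts.
    The thresholds are assumptions, not values from the article."""
    attempts = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        attempts[m["ip"]] += 1
        users[m["ip"]].add(m["user"])
    return {
        ip: {"attempts": n, "users": sorted(users[ip])}
        for ip, n in attempts.items()
        if n >= min_attempts and len(users[ip]) >= min_users
    }


if __name__ == "__main__":
    for ip, info in find_credential_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {info['attempts']} failed logins across {info['users']}")
```

A single user mistyping a password (the second source in the sample) stays below both thresholds and is not flagged.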

Major IoT Botnets

Some of the most notorious IoT botnets over the past few years include:

  • Mirai – First surfaced in 2016 and disrupted major websites through massive DDoS attacks. It infected over 600,000 IoT devices, including routers, security cameras and DVRs.

  • Reaper/IoTroop – Emerged in 2017 and infected over a million organizations worldwide. It was built using parts of Mirai’s code.

  • Echobot – Detected in 2019, it targeted over 50,000 enterprise and consumer IoT devices through known vulnerabilities. It was used for DDoS attacks and cryptojacking.

  • Mozi – Discovered in 2020 with over 500,000 devices already infected. It mostly targeted D-Link and Netgear routers and set up proxy servers for attackers.

Protecting Your IoT Devices

Here are some tips to secure your IoT devices from getting infected:

  • Change default passwords to strong unique ones
  • Enable two-factor authentication where available
  • Update devices regularly & patch vulnerabilities
  • Use a firewall to filter traffic
  • Disable telnet and SSH if not needed
  • Isolate IoT devices on separate networks
  • Avoid devices with hardcoded credentials

Consumers and businesses need to prioritize security when deploying IoT devices. Device manufacturers also need to bake in security at the product design stage. With vigilance and secure configurations, we can minimize the risk of our IoT devices becoming part of massive botnets.
