The rise of the IoT botnet
Managing Director, Security, APJ
While the “Internet of Things” starts new chapters for how businesses use technology, it also brings increasing threats from attackers. Millions of vulnerable IoT devices are actively being used in cyberattacks, and these attacks have propelled us into the 1-TBps Distributed Denial of Service (DDoS) era, shaking traditional DDoS protection paradigms and proving that the IoT DDoS botnet threat is real.
In our Midyear Cybersecurity Report, we examine a number of cyberattacks including the Mirai botnet, whereby attackers targeted connected devices to rapidly turn thousands of them into a massive horde of attack clients. These “zombie armies” then launched powerful DDoS attacks, causing outages to hundreds of popular websites.
As attacks become more sophisticated and more devices connect to networks, botnets such as Mirai will only increase. All organizations harnessing the potential of the IoT need to protect themselves from such incidents today. To put the urgency into perspective, attackers can create a botnet of more than 100,000 infected devices within 24 hours.
Another problem for organizations is the lack of visibility. Many organizations don’t actually know what IoT devices are connected to their network. That’s like handing out free security passes to your building.
IoT devices are generally not built with security in mind either. Examples include unencrypted browser management portals, unauthenticated APIs, and the use of unpatched open libraries. This applies across devices used in the home and in the manufacturing and healthcare industries. Consider healthcare for a moment: the average small to midsize hospital can have about 12,000 to 15,000 devices, including life-saving equipment. The potential impact of vulnerable IoT devices is huge.
In this evolving war against IoT botnet attacks, we need to act with urgency. We need to start focusing on potential IoT weaknesses because attackers want to target them to launch ransomware campaigns, steal sensitive information, and move about within our networks.
Stopping this threat should be a business priority. Here are some recommendations to help you prepare against IoT security risks, both now and for the future:
• Keep older signatures active
• Build a solid Intrusion Prevention System (IPS) around your IoT devices
• Use technology that gives you awareness of everything hitting your network and lets you easily control access and segmentation from one place
• Closely monitor network traffic to spot irregularities and potential threats
• Track the way IoT devices touch your network and interact with other devices (for example, if an IoT device is scanning another device that’s likely a red flag signaling malicious activity)
• Implement patches quickly
• Work with vendors that issue security advice and can offer expert guidance on assessing risk, designing solutions and responding to incidents.
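One way to implement the "IoT device scanning another device" check from the recommendations above, as an added example that is not part of the original article or any Cisco product. The IoT segment, thresholds and flow records are constructed assumptions; real input would come from NetFlow or firewall logs.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed values for illustration; tune per environment.
IOT_SEGMENT = ip_network("10.20.0.0/24")   # where IoT devices are segmented
WINDOW_SECONDS = 60                        # sliding window length
MAX_DISTINCT_TARGETS = 10                  # normal devices talk to few peers


def find_scanning_devices(flows, segment=IOT_SEGMENT,
                          window=WINDOW_SECONDS, limit=MAX_DISTINCT_TARGETS):
    """Return {src_ip: first_alert_ts} for IoT devices that contacted more
    than `limit` distinct (dst, port) pairs within any `window` seconds.
    Each flow is a tuple (ts_seconds, src_ip, dst_ip, dst_port)."""
    recent = defaultdict(deque)            # src -> deque of (ts, (dst, port))
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if ip_address(src) not in segment or src in alerts:
            continue                       # not IoT, or already flagged
        q = recent[src]
        q.append((ts, (dst, port)))
        while q and ts - q[0][0] > window:
            q.popleft()                    # drop flows older than the window
        if len({target for _, target in q}) > limit:
            alerts[src] = ts
    return alerts


def sample_flows():
    """Constructed flow records covering three behaviours."""
    flows = []
    for i in range(30):    # camera streaming to one recorder: benign
        flows.append((i * 5, "10.20.0.11", "10.30.0.5", 554))
    for i in range(40):    # thermostat sweeping one port across a subnet
        flows.append((100 + i, "10.20.0.42", f"10.30.0.{i + 1}", 23))
    for i in range(40):    # workstation outside the IoT segment: out of scope
        flows.append((100 + i, "10.10.0.7", f"10.30.0.{i + 1}", 443))
    return flows


if __name__ == "__main__":
    for src, ts in find_scanning_devices(sample_flows()).items():
        print(f"ALERT {src}: more than {MAX_DISTINCT_TARGETS} targets by t={ts}s")
```

A scan paced slower than the window stays under the threshold, so pair this with a longer-window count or a per-device allowlist of expected peers.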
Source: Cisco 2017 MCR