Even before the COVID-19 pandemic made remote work a new norm, McKinsey research predicted that the number of devices connected over the Internet of Things (IoT) would nearly triple between 2018 and 2023.
While that's great news for convenience and efficiency, it could be bad news for cyber security. IoT devices are notoriously vulnerable when neglected, and threat actors are taking advantage. Among the tools at their disposal, the IoT botnet is one to watch out for.
What are botnet attacks?
A portmanteau combining the words "robot" and "network," botnet is the term used for a group of hijacked devices. In a botnet attack, hundreds of devices are loaded with malware and used for malicious activities such as distributed denial of service (DDoS) attacks, spam distribution, or validating credentials for account takeovers.
If your device or network has been taken over by malware that turns it into a zombie (a device that the attacker controls), you'll notice performance issues. For example, you may find you can't access your website, are suddenly bombed with spam and pop-ups, or are dealing with sluggish performance.
IoT isn't the only vector for this style of attack. Because bots can launch thousands of attacks simultaneously, hackers use them to find as many vulnerabilities as possible in as little time as possible. Many of the threat actors are part of crime syndicates or nation-state organizations that are highly sophisticated, and botnets are a popular attack vector because they are inexpensive to launch with a potentially high payout.
The malware Mirai made news in 2016 as the first major botnet to take advantage of IoT devices. According to research from the European Union Agency for Cybersecurity, Mirai variants increased by 57% in 2019. While the original Mirai showed its impact with DDoS attacks, today's attacks are more targeted, with 60% focused on credential stuffing. The 2020 Verizon Data Breach Investigations Report found 103,699 botnet incidents on laptops and desktop computers, primarily targeting the financial, information and professional services industry verticals.
The end game for threat actors is the financial payoff—they are looking for ways to get into your network and gain access to data and valuable assets. Bots are used for spam bombing, often with malware, to collect credentials and other personal information, which is in turn either sold on the dark web or used to gain deeper access into a network. Botnets can take over computers to mine cryptocurrency, benefitting the hacker while slowing down the productivity of the computer's owner.
They are also a risk to critical infrastructure. A nation-state actor could launch an attack against a country's power grid, for example, and shut it down as an act of cyber warfare.
Mitigating IoT botnet threats
Cyber criminals target IoT and operational technology (OT) because these devices often have poor security systems. They may use outdated operating systems and have no easy way to fix vulnerabilities. The first step to protect devices is to immediately apply any firmware updates to close the holes.
At the same time, these devices often use default passwords that are generic. These passwords are designed to get the device up and running, but users rarely change them. Creating unique passwords for each device makes credential theft more difficult.
Finally, practice good cyber security hygiene across all devices, including IoT. While it is up to the user to put the emphasis on security, using cloud security services that scale to your needs will also offer levels of prevention and mitigation if there is a botnet threat.
Botnets are widely used by cybercriminals because they are effective. By recognizing the vulnerabilities of IoT botnets as well as any connected devices like smartphones and computers, you can improve your chances of preventing an attack.
The author of this content is a paid contributor for Verizon.