When the Internet of Things (IoT) is Armed as an IoT Botnet

Don’t Join the IoT Botnet Army

When the Internet of Things (IoT) is weaponized to launch DDoS attacks, it’s called the DDoS of Things. The problem is that many consumer IoT devices can easily be hijacked and made part of such IoT botnets, which are then used to power bigger, smarter, and more devastating multi-vector DDoS attacks than ever before. We can clearly see that DDoS attacks have become more common, rising in direct proportion to the increase in the number of IoT devices.

One might ask how many IoT devices are connected to the internet. In 2017, Gartner forecast there would be 8.4 billion Internet of Things devices by 2020. At the time that seemed like a large number but just two years later in 2019, there were already 26 billion IoT devices. This has turned out to be a huge problem because IoT devices are inherently vulnerable so creating a botnet has become ridiculously easy.

“Global estimates of the total number of DDoS attacks are anticipated to double to 14.5 million by 2022”

Source: Cisco Annual Internet Report

Organizations have a range of tools that they can use to mitigate DDoS attacks caused by IoT botnets including access management controls and the encryption of all communications. But encryption can introduce other problems such as the ability to hide of trojans and viruses in the encrypted traffic, so SSL decryption and SSL inspection solutions are required to root out malware.

One of the easiest ways to prevent your IoT devices from being enrolled in an IoT botnet is by updating the factory default password on your IoT device but, unfortunately, many consumers don’t understand the problem or have the skills required and, in some cases, the IoT devices are designed such that their credentials can’t be updated or, in case of vulnerabilities, they can’t be patched.

The bottom line is that systems and firmware running on connected devices are seen as the IoT world’s biggest vulnerability because of their limited ability to be updated and patched.

The Internet of Things (IoT) and How it’s Used for DDoS Attacks

The Internet of Things is the term used for the constellation of physical devices (the “things”) connected to the internet, that may exchange data with other internet-connected devices.

There are a staggering number of device types in the Internet of Things including smart TVs, home internet routers, IP cameras, and even refrigerators and robotic trash cans that take out the trash. Because of the endless commoditization of electronics, anything can be designed with digital tech to connect to the internet and other devices, including people and processes.

This has been termed the Internet of Everything (IoE) and the promise is to make our data more meaningful, valuable, and relevant. So, it’s easy to see how cyber criminals can coopt them for IoT botnet DDoS attacks, like the Mirai Krebs and OVH DDoS attacks in 2016.

Internet of Things (IoT) Application Categories

But circling back to IoT, there are five main Internet of Things application categories that can cause cybersecurity problems.

Consumer Internet of Things

The consumer Internet of Things includes devices such as smart watches that monitor your biometrics, litterboxes that clean your cat’s waste for you, and smart-speaker products such as the Amazon EchoPlus to help manage and organize your life. These devices have all been designed to be as simple as possible to deploy but that simplicity has a dark side. For example, vulnerable Android systems with unprotected diagnostic backdoors that when compromised can be inducted into IoT botnets.

Commercial Internet of Things

Commercial IoT systems include devices that monitor environmental conditions to, for example, improve the experience of hotel guests, and office building control systems that manage employee access during the Covid-19 pandemic.

Industrial Internet of Things

Industrial Internet of Things (IIoT), also known as the industrial internet, are systems that monitor, collect, exchange, analyze, and deliver data to enable faster business decisions and more efficient processes for manufacturers. A prime example of this is Amazon’s Kiva technology which locates warehoused products and brings them to workers. Unfortunately, some of these solutions have been found to be vulnerable to hacking and become enrolled in botnets.

A vulnerable Industrial Internet of Things encourages the growth of IoT botnets and DDoS attacks. The attacks are usually on industrial control systems (ICS), which are a collection of systems that work together to automate or operate industrial processes, like distributed control systems (DCS) and human machine interfaces (HMI).

Infrastructure Internet of Things

Infrastructure IoT is the foundational infrastructure that connects and manages smart cities. An example of this is the use of CCTV cameras to optimize auto and pedestrian traffic flow which includes all the basics of Infrastructure IoT:

Internet of Military Things

The Internet of Military Things, also known as the Internet of Battlefield Things, combines aspects of the Consumer Internet of Things (wearable IoT devices with embedded sensors such as smart combat suits and helmets), Commercial IoT (environmental monitors), Industrial Internet of Things (devices and analytics used to track supplies and equipment from warehouse to battlefield), and the military version of Infrastructure IoT (also known as the Combat Cloud).

The Internet of Military Things is a realm that’s almost impossible to analyze because of national security concerns but imagine being on a battlefield and the opposition launches a DDoS attack using an IoT botnet composed of your entire smart uniform and battlefield equipment; the risks and consequences would be catastrophic.

A10 Networks Mitigates DDoS Attacks Caused by IoT Botnets

The A10 Networks’ Thunder® Threat Protection System (TPS®) delivers a high performance, high precision, intelligent DDoS protection solution that mitigates a vast variety of DDoS attacks, including the DDoS of Things. With the IoT based DDoS attacks growing at unprecedented rates, our highest performance DDoS protection solution ensures continued availability of services in these demanding times.


|

August 10, 2020

About Paul Nicholson

Paul Nicholson brings 24 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Nicholson is responsible for global product marketing and strategy at San Jose, Calif.-based application networking and security leader A10 Networks. Prior to A10 Networks, Nicholson held various technical and management positions at Intel, Pandesic (the Internet company from Intel and SAP), Secure Computing, and various security start-ups. READ MORE