Think of all the smart devices that you saw on sale for Black Friday. Each of those devices connects to your home network and the internet and are categorized as belonging to the Internet of Things (IoT). However, these devices also create an additional attack vector for malicious actors to exploit. Attackers take advantage of the limited security features of these devices to recruit them into malicious networks known as botnets.
What is a botnet?
A botnet is a group of devices that is infected with a specific type of malware. This malware lies dormant until called upon by an attacker. Then, all of the devices are set to a specific task, usually a Distributed Denial of Service (DDoS) attack. These attacks occur when multiple access requests are sent to the same internet resource, such as a website, to overtax the connection and deny access to legitimate users. Seemingly innocent devices, such as refrigerators and doorbell cameras, can be used in this fashion.
How can this happen?
Many smart device manufacturers are less concerned with securing these devices with regular software updates and security patches than they are with increasing user functionality. Security is often poorly implemented or left out entirely during the software development life cycle. Also, attackers who recruit these devices into botnets do so covertly, without the user’s knowledge. This makes smart devices both vulnerable and attractive targets.
How are botnets made?
According to the NETSCOUT Threat Intelligence Report 2018 a newer type of malware, know as Mirai, is primarily responsible for the increase in botnets, particularly botnets created from the IoT. The source code for Mirai was made available to the world in September 2016 and it has been used by attackers in numerous attacks since then. Mirai botnets may lie dormant for weeks or months before being used in a DDoS attack. Then, they are sent back into a dormant state so that they can remain undetected and used again in the future.
Why are DDoS Attacks a Problem?
DDoS can cost companies millions of dollars in lost revenue by preventing company website from delivering content to their intended audience. Attackers may wish to target specific companies for political reasons or even for personal gain. One young Dutch hacker used Mirai in 2017 to extort $150,000 from companies such as Yahoo! News and the BBC. He would target company websites with a DDoS attack perpetrated by a botnet that he created. Then, he would contact the company and demand payment in cryptocurrency to stop the attacks. These companies complied with the ransom to avoid potentially devastating losses in revenue.
So, when you next head to your smart fridge for some Thanksgiving leftovers, take a moment to consider the cyber risks involved.