9 (1)

How Botnets and DDoS Attackers Take Advantage of Default IoT Installations

Homes and businesses are all becoming smarter with the help of internet of things (IoT) installations, but there’s a risk this could expose us to criminals using botnets.

Botnets are networks of hijacked IT devices used to carry out cyberattacks; the word comes from ‘robot’ and ‘network’. They can be used to automate mass distributed denial of service (DDoS) attacks, to steal data, to crash your servers, and to distribute malware.

Botnets hiding in plain sight

Botnets could be using your own computer, internet router or IoT devices, controlled remotely by criminals using a command-and-control (CNC) server. You might never know they have been accessed.

The attacker coordinates compromised systems via the internet to target their victim. Where a single attacking system might generate a few gigabits of traffic, even a small botnet could generate terabits per second of traffic which will overwhelm most systems. To avoid detection, the attacker will often use other internet services to direct the online traffic using their target’s online address, known as reflection and amplification attacks.

One infamous example is Mirai, which scans for IoT devices such as cameras, video recorders and internet routers, which it can use to generate massive attacks.

So, for example, each of 100,000 compromised devices in a botnet could generate 10 sessions from 10 amplification services. An attack would start at 10million connections, each generating perhaps one megabit per second of traffic, and expand rapidly.

Be prepared

A survey of 7,000 people in Australia, Canada, France, Germany, the Netherlands, the United Kingdom and the United States, found that only a third of users changed the default passwords on their IoT devices. The rest continued to use built-in passwords such as ‘admin’ or ‘123456’, leaving them at risk of attack. Many users also failed to secure their IoT devices by, for example, changing the default password on their router.

While many people think that IoT devices don't hold much personal data compared to laptops or smartphones they can be used to expose all your systems so they need to be protected. For example, you can:

  • Immediately change the default password – strong and secure passwords for your IoT devices is the first line of defence
  • Update your IoT devices – make sure that they are regularly checked so you can be sure they automatically receive security updates to fix security flaws and patches
  • Install a virtual private network on your router – a VPN can compensate for the poor encryption in some IoT devices to prevent your traffic being intercepted and potentially changed in man-in-the-middle attacks
Most importantly, users, companies, and regulators need to understand the different roles and responsibilities needed to maintain IoT security in the face of botnets. This includes making users aware of their responsibilities for security and privacy, what they should do, and the additional security measures they can use.

Manufacturers also need to take responsibility for protecting devices against vulnerabilities and make security and privacy priorities. Above all, best practices are needed to keep everyone safe from cybercriminals.

Statista reports that worldwide IoT spending could reach over US$1trillion by 2023 as governments promote digital and data-driven societies and we enjoy the benefits of smart homes, workplaces, and even cities. Maintaining security has never been more important.

Control your cloud security configurations

Firebrand’s Cyber Security immersive accelerated training provides in-depth knowledge about how to protect your IoT installations and wider IT systems, including everything you need to become certified and ready to protect your business.a