Picture it: You’re sitting at your computer surfing your favorite sites, when out of nowhere your browser crashes. You relaunch and attempt to reload the page you were viewing, but you have the same problem. Perhaps the site you were viewing is having trouble, so you try some routine maintenance. You open Windows Resource Monitor and see that your CPU is working at near capacity. Now you know something’s definitely wrong, so you launch your browser again to find information on CPU usage, and this time the browser takes forever to open. These are all clues that your computer may have become an unwitting member of a botnet.
A botnet is a collection of internet-connected devices infected with malicious software and controlled as a group without the owners’ knowledge. These devices can include PCs, servers, mobile devices, and Internet of Things (IoT) devices that are infected and controlled by malware. The malware takes control of the device and periodically sends data or “calls home” to a Command and Control (C&C) server to receive instructions.
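The “calling home” just described is one of the few things an infected device cannot hide: it has to reach the C&C server on a schedule. The script below, added here as an example and not part of the original article, shows the kind of check a defender can run over outbound connection logs from a home router or firewall. The log lines, the hostnames and the addresses (documentation ranges 192.168.x, 198.51.100.x and 203.0.113.x) are constructed, and the thresholds are assumptions to tune for your own network.

```python
"""Flag hosts that contact the same destination at near-constant intervals,
the classic sign of a bot polling its C&C server.

Added example; the log lines below are constructed, not a real capture."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<timestamp> <source> -> <destination:port>".
# 192.168.1.23 polls 203.0.113.5 every ~5 minutes; 192.168.1.10 is normal browsing.
SAMPLE_LOG = """\
2018-02-01T10:00:00Z 192.168.1.23 -> 203.0.113.5:6667
2018-02-01T10:00:07Z 192.168.1.10 -> 198.51.100.20:443
2018-02-01T10:05:00Z 192.168.1.23 -> 203.0.113.5:6667
2018-02-01T10:09:41Z 192.168.1.10 -> 198.51.100.21:443
2018-02-01T10:10:01Z 192.168.1.23 -> 203.0.113.5:6667
2018-02-01T10:15:00Z 192.168.1.23 -> 203.0.113.5:6667
2018-02-01T10:16:12Z 192.168.1.10 -> 198.51.100.20:443
2018-02-01T10:19:59Z 192.168.1.23 -> 203.0.113.5:6667
2018-02-01T10:25:00Z 192.168.1.23 -> 203.0.113.5:6667
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        flows[(src, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return flows


def find_beacons(flows, min_connections=5, max_jitter=0.10):
    """Return (source, destination, mean interval in seconds) for every flow
    with at least `min_connections` contacts whose gaps are nearly constant.

    Jitter is the coefficient of variation of the gaps (std dev / mean);
    a value near 0 means the host is contacting the destination like clockwork.
    Both thresholds are assumptions to adjust per environment."""
    beacons = []
    for (src, dst), times in flows.items():
        if len(times) < min_connections:
            continue
        times = sorted(times)
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= max_jitter:
            beacons.append((src, dst, round(avg, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, interval in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every {interval}s")
```

Treat a hit as a triage signal rather than proof: legitimate services such as time sync or update checkers also poll on fixed schedules, so the next step is to look at what the destination is and whether the device has any business talking to it. Real bots often add random delay to their polling, which is why the jitter threshold is a tunable rather than a requirement for exact spacing.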
What role do IoT devices play in the current botnet threat landscape? IoT devices are notoriously vulnerable to attack. They’re like little computers, except with no firewall or antivirus security features. Add this to the ever-growing number of IoT devices – 8.4 billion and counting – and you have the perfect storm for a botnet invasion.
During September 2016 in France, the telecom provider OVH was hit by a distributed denial-of-service (DDoS) attack, one of the largest ever recorded. On a Friday afternoon in October 2016, internet access slowed nearly to a stop across most of the eastern United States when the tech company Dyn, a key part of the internet’s backbone, came under a crippling assault. During the last U.S. presidential election, it was feared that the IoT botnet called Mirai was at work and might impact the election. Fortunately, there is no evidence of this altering votes.
Another very high profile IoT botnet is Reaper. By many accounts this IoT botnet can be even more dangerous than the Mirai botnet. Mirai simply uses unchanged default credentials to infect devices, while Reaper exploits known security flaws in the code of insecure machines to ensnare them. This ability to exploit vulnerabilities may very well lead to Reaper becoming an even bigger botnet than Mirai, as it has the capability to infect a substantially larger number of devices.
Of course, there’s money to be made for the bot herders — aka the hackers. As recently as February 2018, it was reported that a cybercriminal gang known as Los Calvos de San Calvicie were selling Distributed Denial of Service (DDoS) attacks for the low price of just $20 per attack. These are not large volume attacks — they range from 290-300 Gigabits per second — however, they are still large enough to bring down a server unless it is protected against DDoS attacks. This IoT botnet is comprised mainly of internet routers that you would use in your home or small business. There is virtually no IoT device that is immune to botnets.
So, what can we do to protect ourselves?
Here are some tips to help keep your device safe:
- Each device comes from the factory with a default username and password. Change the password immediately.
- Make sure all your devices are up to date with all the latest security patches and firmware updates.
- Use encryption, even on the files you store in your network storage device. If you do not have access to an encryption tool, you can simply put your files in a password-protected ZIP file.
- Most home routers and switches can be configured with several separate virtual networks, so that your IoT devices are kept apart from the computers that hold your data. To set this up, consult the documentation that came with the router, check the manufacturer’s website, or contact customer service.
- Disable Universal Plug and Play (UPnP). UPnP is designed to help IoT gadgets discover other network devices. Unfortunately, hackers can also exploit this feature to find and connect to your IoT devices and possibly penetrate your network.
- Unplug it! Disconnect your IoT devices from the internet (or turn them off completely) whenever you don’t need them to reduce their vulnerability.
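The tips above are easy to apply once and forget; what helps is re-checking them every time a device is added or updated. The script below, added here as an example and not part of the original article, turns the checklist into a repeatable audit over a small device inventory. The inventory, device names, firmware versions and the `factory_password` / `network` fields are all constructed for the example and would come from your own notes or the router’s device list in practice.

```python
"""Audit a home or small-business device inventory against the checklist:
default password changed, firmware current, UPnP off, device isolated.

Added example; the inventory below is constructed, not a real network."""

# Constructed inventory. 'factory_password' is what the vendor shipped,
# 'password' is what is currently set, 'network' is the virtual network
# the device sits on ("main" = same network as your PCs).
INVENTORY = [
    {"name": "front-door-cam", "password": "factory-default",
     "factory_password": "factory-default", "firmware": "1.2.0",
     "latest_firmware": "1.4.1", "upnp": True, "network": "main"},
    {"name": "nas", "password": "c0rrect-horse-battery-staple",
     "factory_password": "admin", "firmware": "5.1",
     "latest_firmware": "5.1", "upnp": False, "network": "iot"},
    {"name": "smart-plug", "password": "plug-only-long-phrase",
     "factory_password": "1234", "firmware": "2.0.3",
     "latest_firmware": "2.0.3", "upnp": True, "network": "iot"},
]


def version_tuple(version):
    """Turn '1.4.1' into (1, 4, 1) so versions compare numerically,
    not as strings (where '1.10' would sort before '1.9')."""
    return tuple(int(part) for part in version.split("."))


def audit_device(device):
    """Return a list of checklist findings for one device (empty = clean)."""
    findings = []
    if device["password"] == device["factory_password"]:
        findings.append("default password unchanged")
    if version_tuple(device["firmware"]) < version_tuple(device["latest_firmware"]):
        findings.append(f"firmware {device['firmware']} behind {device['latest_firmware']}")
    if device["upnp"]:
        findings.append("UPnP enabled")
    if device["network"] == "main":
        findings.append("on main network, not isolated")
    return findings


def audit(inventory):
    """Map each device name to its findings."""
    return {device["name"]: audit_device(device) for device in inventory}


def devices_needing_action(inventory):
    """Names of devices with at least one finding, sorted for stable output."""
    return sorted(name for name, findings in audit(inventory).items() if findings)


if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        status = "; ".join(findings) if findings else "OK"
        print(f"{name}: {status}")
```

The firmware check only works if `latest_firmware` is kept current, which in practice means checking the vendor’s support page when you run the audit; a device whose vendor no longer publishes updates is a finding in itself, and the “unplug it” tip is the honest answer for it.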