What Is a DDoS Botnet?

As the number of IoT devices continues to increase, the concern about cyber attacks grows as well. One of the major sources of attacks is DDoS botnets, which target insecure IoT devices.

Knowing the true extent of DDoS threats and how to tackle them is important for consumers. Here, we’ll go over the current state of the problem and understand its larger implications for IoT.

What is a DDoS Botnet?

A Distributed Denial of Service (DDoS) botnet is self-propagating malware that weaponizes infected IP-connected systems protected by weak or encoded passwords, generally with the aim of destabilizing a target device or stealing its information. There is always a huge spike in traffic that can cause the entire system to crash.

A famous example of a DDoS botnet attack was the October 21, 2016, Dyn cyber attack, which shut down the Internet for millions of users worldwide. Dyn is a dynamic DNS service of the Oracle Group. The attackers targeted the company’s cloud service using the Mirai botnet as a source, while masking TCP and UDP traffic via port 53.

When the bots multiplied, they weaponized infected IP cameras, access gateways and baby monitors. Evidently, it was the closest thing to a technology apocalypse. However, the impact was limited to sites such as Twitter and Spotify going down for hours.

How Many DDoS Botnet Attacks Took Place?

There have been a few more DDoS botnet attacks since the Dyn incident. Although not on the same scale as Dyn, these attacks have used different kinds of vectors, which is a major concern for security researchers.

Satori DDoS Botnet Attack: On September 4, 2019, a Washington state hacker named Kenneth Schuchman, along with an accomplice, launched the Satori botnet. For this, they used a leaked source of the Mirai botnet, which was used in the Dyn attacks. Over 100,000 IoT devices were compromised, including GoAhead cameras and smart digital video recorder (DVR) systems.

The worst part is that the exploiting devices were based in Vietnam and the target was a Canadian ISP. It indicates the true global nature of the problem and that it is relatively easy to launch a DDoS attack from insecure IoT devices in another country.

Imperva DDoS Botnet Attack: On July 24, 2019, a Silicon Valley company called Imperva saw a DDoS attack at the application layer (layer 7) in which over 400,000 IoT devices were compromised. The source of the attack was Brazil.

QBot: This botnet attacks Telnet networks and has been around for the last two years. While no serious security incident has happened yet, the botnet can be readily downloaded online for attacks.

Which IoT Devices Are More Vulnerable to DDoS Botnet Attacks?

Given the past trajectory of Mirai, it is clear that IoT devices such as IP cameras are the most vulnerable to DDoS botnet attacks. Video doorbells are an area of concern, and there has been news of hackers supplying fake images to the doorbell to gain unauthorized access to a home.

Until now, there have been no reports of DDoS botnets targeting smart speakers, smart displays, or consumer electronic appliances such as smart refrigerators. A big reason could be that many of the popular product manufacturers use either Amazon’s or Google’s cloud services, which ensures steady security.

In comparison, a video doorbell or IP camera is manufactured by scores of companies and some of them may have lax security standards.

Will 5G Increase the Risk of DDoS Attacks?

Some IoT security analysts believe that the emergence of 5G networks might give renewed strength to DDoS botnet attackers. The main reason is the increased bandwidth and lower latency of 5G networks, which would find takers among attackers of IP cameras and other devices.

This means there will be many insecure IoT devices connecting to 5G. Thus, 5G networks are a viable conduit for an attack vector under the right conditions. If ISPs do not take adequate precautions to make their 5G access points impenetrable, it can lead to negative consequences.

Conclusion

DDoS botnets can have a crippling effect on an organization’s brand and throw connected systems completely out of gear. Although the current threat landscape isn’t looking as bad as the 2016 Dyn disaster, the widespread availability of DDoS botnet downloads and the continued neglect of security among certain types of IoT devices might lead to trouble down the road.

Are you concerned about IoT devices turning into receptacles for botnet attackers? Please let us know your views in the comments.

Sayak Boral

IoT-addicted since early 2016. Love to explore the challenges, opportunities and trend insights into what is becoming the third wave of Internet.