How Can a Botnet Enlist Millions of IoT Networks?

A botnet typically refers to a collection of internet-connected devices, including servers, personal computers, and mobile and IoT devices, that are infected and controlled by a common type of malware. Such devices can be infected easily, which is why malicious actors can capitalize on security weaknesses in IoT devices to insert malware and create botnets without the device owners’ consent. According to a report from cybersecurity firm Symantec, cybercriminals enlist home networks and everyday consumer connected devices to perform Distributed Denial of Service (DDoS) attacks on more profitable targets, usually large companies.

Undeniably, the Internet of Things brings several benefits to users, but it also introduces significant vulnerabilities. The technology lacks strong built-in features to ward off hackers from accessing connected devices, which raises concerns about personal privacy and security. Apart from this, IoT devices pose a major challenge because hackers can exploit them to form a botnet. It is predicted that there will be 13.5 billion connected devices by 2020.

Several manufacturing companies are steadily improving the security of their IoT devices. Despite this, hackers keep finding new gaps through which to breach systems used for manufacturing processes. DDoS attacks are particularly common because a DDoS toolkit is easy to purchase and launch. According to a report from Imperva, a massive botnet attack earlier last year compromised over 400,000 connected devices over the course of 13 days. The attack, which occurred between March and April, targeted an online streaming application of one of the company’s clients in the entertainment industry.

The same activity was seen with the Mirai botnet, which first appeared in 2016 and utilized some of the same open ports. Moreover, a new and growing botnet known as Reaper or Troop has been found recently, disrupting over one million organizations. According to security researchers from Check Point and Qihoo 360 Netlab, this botnet is more sophisticated and potentially more damaging than Mirai. Reaper uses some of the code from the Mirai malware but relies on a different method for compromising devices.

Generally, Mirai scanned for open ports and took advantage of unsecured devices with weak passwords, while Reaper is more powerful: it exploits devices and enlists them with its command and control (C&C) server. Reports claim that there are already millions of devices on standby, waiting to be processed by Reaper’s C&C servers. Reaper is built around a Lua engine combined with additional Lua scripts that it uses to run attacks. Lua is an embedded programming language aimed at enabling scripts to run.

These kinds of botnets, coupled with basic AI and machine learning algorithms, are able to identify virtually any device they encounter, search for a related vulnerability, and then select the appropriate exploit or even develop a custom one.

In this case, IoT devices like IP cameras and routers are particularly vulnerable to exploits. It is therefore essential for users to check regularly with their service providers for available updates. They must also use a strong password to protect their IoT devices from being targeted by hackers.
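
On the defensive side, the port-scanning behaviour described above for Mirai leaves a recognizable trace when a device on your own network has been recruited: one internal host suddenly opens connections to many different addresses on the same service port. The following is an added example, not code from the article or from any vendor, that flags such hosts in flow records; the log format, the sample records, the threshold and the choice of Telnet ports 23 and 2323 are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (not from the article): time src dst dst_port result
SAMPLE_FLOWS = """\
00:00:01 192.168.1.50 203.0.113.4 23 TIMEOUT
00:00:01 192.168.1.50 203.0.113.9 23 RST
00:00:02 192.168.1.50 198.51.100.7 2323 TIMEOUT
00:00:02 192.168.1.50 198.51.100.21 23 TIMEOUT
00:00:03 192.168.1.50 203.0.113.77 23 ESTABLISHED
00:00:03 192.168.1.50 198.51.100.130 23 RST
00:00:04 192.168.1.10 192.168.1.1 23 ESTABLISHED
00:00:05 192.168.1.10 192.168.1.1 23 ESTABLISHED
00:00:06 192.168.1.20 203.0.113.4 443 ESTABLISHED
malformed line
"""

TELNET_PORTS = {23, 2323}   # assumption: Telnet ports probed by Mirai's scanner
MIN_DESTINATIONS = 5        # assumption: fan-out a normal home device never reaches


def parse_flows(text):
    """Yield (src, dst, port, result) and skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[3].isdigit():
            yield parts[1], parts[2], int(parts[3]), parts[4]


def find_telnet_scanners(text, min_destinations=MIN_DESTINATIONS):
    """Return sources that contacted many distinct hosts on Telnet ports."""
    targets = defaultdict(set)
    failures = defaultdict(int)
    for src, dst, port, result in parse_flows(text):
        if port not in TELNET_PORTS:
            continue
        targets[src].add(dst)
        if result != "ESTABLISHED":
            failures[src] += 1   # scanners mostly hit closed or filtered hosts
    return {
        src: {"destinations": len(dsts), "failed": failures[src]}
        for src, dsts in targets.items()
        if len(dsts) >= min_destinations
    }


if __name__ == "__main__":
    for src, stats in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: Telnet to {stats['destinations']} hosts, {stats['failed']} failed")
```

A host flagged this way, such as the constructed camera at 192.168.1.50, is a candidate for isolation, a firmware update and a password change; the laptop that repeatedly reaches a single router over Telnet stays below the threshold.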