Internet of Things is a world where things are interconnected via the Internet. IoT comprises smart physical objects like vehicles or embedded devices such as routers and toasters. These devices have sensors embedded within them which are connected via the internet, enabling the connected things to collect and exchange data while allowing users to control those devices.
IoT devices consist mainly of sensors and actuators, both of which play a crucial role in the complete process. All IoT devices have a way to process and communicate a large amount of data, and with this much data in play, security is crucial.
According to recent research from Kaspersky, during the first half of 2018, malware explicitly designed for IoT devices grew three-fold, with over 1,20,000 modifications of malware.
Cybercriminals may have different reasons for exploiting IoT devices, but the most popular reason was to create botnets which would be used to facilitate DDoS attacks. Some of the malware modifications discovered by Kaspersky Lab were even tailored to disable competing malware.
For a long time, it was wrongly assumed that IoT devices would not attract malware and would not be an easy target for it. But as malicious activity grew in number, this served as a wake-up call. Some manufacturers of smart products and wearables are still not aware of the security of their products and take action only after data security has deteriorated. IoT products have become easy targets for cybercriminals, who turn smart products into powerful tools for illegal activities like DDoS, spying, blackmailing etc.
Why IoT Botnets?
A Botnet is a network of systems that controls and distributes malware. Hackers use them on an enormous scale for various things like getting private information, DDoS attacks and exploiting online data. Botnets consist of many connected devices, from computers and laptops to the so-called ‘smart devices’ of these days. These connected things have two unique characteristics, i.e. they are internet enabled, and they transfer a large amount of data via a network. As IoT is mainly about connected devices, there is a large number of devices that connect in the system, thus increasing the number of botnets and cyber-attacks.
There are two types of Botnets: Traditional and IoT Botnets
1. Traditional Botnets:
A traditional botnet is a collection of various computers or servers, often referred to as zombies, which are infected with malware, thus allowing an attacker to control them. Botnets control these machines with the help of Internet Relay Chat (IRC). The control method sends commands to perform malicious activities such as DDoS (Distributed Denial-of-Service) attacks, data and information theft or spam mail.
2. IoT Botnets:
An IoT Botnet is also a collection of various IoT devices such as routers, wearables and embedded technologies infected with malware. This malware allows an attacker to control all the connected devices.
IoT Botnets differ from the traditional ones in that the infected IoT devices themselves spread the malware, thereby targeting more and more devices. Traditional Botnets consist of thousands or tens of thousands of devices, whereas an IoT Botnet consists of hundreds of thousands of devices.
Why Attackers Target IoT Devices?
Let’s look at some of the reasons why attackers target IoT Devices:
1. Weak Passwords:
During the device development lifecycle, apart from security, manufacturers want their devices to be easy to set up. Not everybody who uses the device is tech savvy. To make the device easy to set up, the manufacturer provides easy login credentials. This easy setup process leads to the following complications:
- After the device is set up and logged into for the first time, people leave the device credentials unchanged.
- After the device is shipped, the default credentials are added to the list of known exploits of that device.
- Manufacturers continue using easy login credentials which then join the known vectors.
2. Lack of encryption:
Because IoT deals mainly with a large number of connected devices, collecting data from multiple sources becomes a tedious task. At the same time, security is a major concern, and security features like encryption are often overlooked. While designing IoT apps, encryption should be a top priority so that the data does not become an easy target for IoT malware.
3. Backdoors:
IoT device manufacturers put in hidden access methods, known as backdoors, which make the devices easy to support. But, in truth, a backdoor is a front door for hackers. And as most users do not have technical knowledge, it becomes child's play for a hacker. Once the backdoor is known, a firmware is developed which closes the backdoor. These backdoors are either a userID or a password which acts as a front door for the hackers.
4. Lack of encryption:
Security is always an essential factor in the development lifecycle, and so is encryption in the IoT device. Many IoT devices do not support encryption, so you need to select the right IoT device. In recent IoT devices, embedded cryptography is responsible for encryption and authentication.
How to Protect Your IoT Devices?
- Always change default passwords.
- Remove devices with telnet backdoors.
- Never expose a device directly to the internet.
- Run port scans on all your machines.
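As an added example (not code from the original article), the sketch below shows one way to act on the results of a port scan of your own devices: it parses nmap's grepable (`-oG`) output and flags open telnet ports and other cleartext services. The sample scan, the host names, and the choice of ports and services to flag (including 2323 as an alternate telnet port) are assumptions made for this illustration.

```python
# Ports and services to flag; this selection is an assumption for the example.
TELNET_PORTS = {23, 2323}
CLEARTEXT_SERVICES = {"ftp", "http", "mqtt"}

# Constructed sample in nmap grepable (-oG) format; private-range addresses only.
SAMPLE_SCAN = "\n".join([
    "# Nmap grepable output (constructed sample)",
    "Host: 192.168.1.1 (router.lan)\tStatus: Up",
    "Host: 192.168.1.1 (router.lan)\tPorts: 23/open/tcp//telnet///, "
    "80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)",
    "Host: 192.168.1.20 (camera.lan)\tPorts: 554/open/tcp//rtsp///, "
    "2323/open/tcp//3d-nfsd///",
    "Host: 192.168.1.30 (sensor.lan)\tPorts: 8883/open/tcp//secure-mqtt///",
])

def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and status-only lines
        host = line.split()[1]
        # The Ports field ends at the next tab-separated field, if any.
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) < 5 or fields[1] != "open":
                continue
            hosts.setdefault(host, []).append((int(fields[0]), fields[2], fields[4]))
    return hosts

def audit(text):
    """Return (host, port, finding) tuples for telnet and cleartext services."""
    findings = []
    for host, ports in sorted(parse_grepable(text).items()):
        for port, _proto, service in ports:
            # Match telnet by port as well, since the service label may differ.
            if port in TELNET_PORTS or service == "telnet":
                findings.append((host, port, "telnet open: disable it or remove the device"))
            elif service in CLEARTEXT_SERVICES:
                findings.append((host, port, f"cleartext {service}: no encryption in transit"))
    return findings

if __name__ == "__main__":
    for host, port, finding in audit(SAMPLE_SCAN):
        print(f"{host}:{port}  {finding}")
```
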
What is in Future?
The Internet of Things has brought a new wave. Everything from homes to cars to watches is connected. It is known that by the year 2020, there will be more than 25 billion devices connected to the Internet. The increase in the number is more than enough to attract cybercriminals, as they have access to more data, more systems and more money to be made. As the number of devices has been increasing massively day by day, the IoT Botnet attack marketplace also continues to grow. The competition is rising, more IoT devices are being targeted, and thus there is more financial gain. Botnets have been involved in almost every DDoS attack, resulting in lost revenue, brands that are valued less globally, degradation in services and unreliable data.