Bad News: Bots Thrive on the IoT

More bad news for IT security professionals… Noted security researcher Brian Krebs published an article on his website about the public release of the Source Code for the IoT Botnet ‘Mirai’ which, incidentally, brought his website to its knees a couple of weeks ago (it was the 2nd largest ever DDoS attack to date.)

Krebs wrote:

“The source code…has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices… The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords. Vulnerable devices are then seeded with malicious software that turns them into “bots,” forcing them to report to a central control server that can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline.”

Internet of Things (IoT) Vulnerabilities

At Corero we’ve been warning of the potential for this kind of mega-attack for many months, if not years. Gartner predicted that 6.4 billion “Things” would be connected to the IoT in 2016; indeed, there has been an explosion of Internet-connected consumer devices, such as home routers and closed circuit television cameras, and industrial systems, such as electric utility grids, hospital equipment and large scale automated manufacturing operations.

It’s no secret that many IoT devices are poorly architected from a security perspective. Many have little or no security in place, which makes them easy to brute-force crack the passwords to take remote control of them for nefarious purposes. Given these two factors, it was only a matter of time before cybercriminals would wreak havoc with the IoT, and leverage it to launch distributed denial of service (DDoS) attacks.

Because the “Mirai” source code was released, Krebs predicts:

“…there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth.”

It’s virtually impossible to ensure that all IoT devices have security patches and updated (not default) passwords. And the cyber criminals will continue to make other forms of malware that infect devices. So what can be done about this problem?

DDoS Defense as a Service

One step that can be taken towards greater security for businesses (and consumers) is to have Internet Service Providers deliver clean traffic to their customers. Telecoms are increasingly expected to be the gatekeepers of “clean pipe;” many of their customers expect their upstream provider to deliver Internet service that is void of cyber threats.

After all, the best protection is an in-line, real-time denial of service solution that stops DDoS attacks at the edge of the network. Telecoms, as internet connectivity and managed security service providers, are more obligated than ever to protect both their networks and their customers, and now they have the modern technology to do so. Proactive telecoms have an opportunity to provide this service to their customers, and many customers are willing to pay for that protection. It’s both a necessity and a revenue opportunity for telecoms.

For more information, contact us.