While data breaches and ransomware are still considered among the more significant concerns for businesses, threats sometimes come from a direction we weren’t expecting. Cybercriminals use botnets for various malicious purposes, most significantly for DDoS attacks against targets. The most important change is that bot armies are now increasingly made up of IoT devices.
As the total installed base of IoT devices worldwide is expected to reach 30.9 billion by 2025, the IoT botnet threat and its overall power continue to expand.
Attackers have seized the opportunity to create large botnets and launch large, complex DDoS attacks that disable or knock a target website offline. Although IoT botnets can also steal confidential data, as seen in the case of the Torii botnet, most have been used for DDoS attacks.
This is a clear warning for online businesses to ensure they have effective anti-DDoS protection and bot takeover prevention.
High-Level Anatomy of IoT DDoS Attack
So, what is a botnet? – A botnet is a group of infected computers under the control of attackers used to perform various scams and cyber-attacks. Here, the attackers use malware to take control of vulnerable IoT devices to block legitimate users from accessing internet services by executing DDoS attacks.
A simple principle governs a DDoS attack: it takes a website offline by consuming more resources than it has or by occupying all of its available bandwidth. Attackers with more hijacked IoT devices can consume more resources and launch a more damaging attack. The three main goals of attackers are:
- To cause consumption of limited resources
- To cause destructive changes to network devices
- To change or destroy configuration information
Why Are IoT Devices Easy Prey for Botnet Malware?
The increased proliferation of IoT devices has made them an attractive target for attackers. Further, most IoT devices have serious security issues such as weak passwords, open access to management interfaces, default administrative credentials, or weak security configurations. Even as the number of IoT devices runs into the millions and keeps growing, they are rarely updated to patch security vulnerabilities.
Botnet operators exploit these IoT vulnerabilities to take control of the devices and disrupt online services. The devices are mostly placed on networks that are not monitored for attacks, making it easy for attackers to reach them. Further, in most cases, the network where they reside offers a high-speed connection that allows a large volume of DDoS attack traffic.
Major IoT Botnet DDoS Attack Trends
IoT botnet DDoS attacks are not new; Mirai has been the most prevalent and has continued to target IoT devices since 2016. Mirai made its debut on September 20, 2016, with a DDoS attack against cybersecurity expert Krebs’s blog. The next notable IoT botnet DDoS attack came in October 2016 against Dyn, a major DNS (Domain Name System) provider. The Mirai botnet assaulted its victim with one terabit of traffic per second, which set a new record for a DDoS attack.
According to the ENISA threat landscape report, Mirai variants increased by 57% in 2019. The Verizon Data Breach Investigations Report recorded 103,699 botnet incidents, primarily targeting the professional, financial, and information services industry verticals.
A new Mirai variant called Mozi accounted for the most observed flood traffic from late 2019 through 2020. Mirai and its variants continue to pose a threat in 2021, broadening their attacks with significant new capabilities.
Attackers use multiple botnets based on Mirai and Mozi, such as Echobot, BotenaGo, Moonet, and Loli, to target devices. According to Sam’s report on the IoT security landscape, more than 1 billion IoT security attacks took place in 2021, nearly 62 million of which were IoT-related DDoS attacks.
How Can You Protect Against IoT Botnet DDoS Attacks Today?
As the botnet landscape expands and highly sophisticated threats become inevitable, enterprises must move beyond legacy security solutions.
The first step to addressing these ongoing security challenges is moving to comprehensive risk-based security solutions. In addition, advanced, automated endpoint detection and protection solutions must offer complete visibility into IoT devices and their security state.
As always, prevention steps should be implemented to stay protected from such attacks:
- Monitor incoming and outgoing traffic on your network for malicious activity with a web application firewall. A next-gen WAF like Indusface AppTrana can block bad bots from specific IPs while ensuring a smooth flow of legitimate bot traffic.
- Monitor login attempts and watch for spikes
- Keep IoT devices on protected networks
- Perform continuous security testing on IoT devices
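As an added illustration of the two monitoring items above (not code from the original article or from Indusface), a small Python detector over constructed log records: it buckets events per destination and time window and flags both the many-source flood pattern typical of a botnet DDoS and a single-host login-failure spike. The record format, the documentation-range IPs and the thresholds are assumptions.

```python
from collections import Counter, defaultdict


def build_sample():
    """Constructed log records (unix_seconds, src_ip, dst_ip, event):
    a quiet baseline, then a 30-source burst, then a single-source
    login-failure burst. 203.0.113.0/24 and 198.51.100.0/24 are
    documentation ranges, not real hosts."""
    recs = [(t, "203.0.113.1", "198.51.100.10", "http") for t in range(0, 60, 12)]
    # Distributed flood: 30 distinct sources, 2 packets each, within 5 seconds.
    for i in range(30):
        for _ in range(2):
            recs.append((100 + i % 5, f"203.0.113.{10 + i}", "198.51.100.10", "syn"))
    # Credential stuffing from one host: 40 failed logins in 8 seconds.
    for k in range(40):
        recs.append((200 + k // 5, "203.0.113.99", "198.51.100.20", "login_fail"))
    return recs


def detect_spikes(records, window=10, total_threshold=25, distinct_threshold=10):
    """Bucket records by (dst, window start) and return one alert dict per
    suspicious bucket. Many distinct sources hitting one destination in a
    window is reported as 'distributed_flood' (the botnet signature); a
    high count from only a few sources is a 'single_source_burst'."""
    buckets = defaultdict(list)
    for ts, src, dst, event in records:
        buckets[(dst, ts // window * window)].append((src, event))
    alerts = []
    for (dst, start), items in sorted(buckets.items()):
        sources = {src for src, _ in items}
        if len(sources) >= distinct_threshold:
            kind = "distributed_flood"
        elif len(items) >= total_threshold:
            kind = "single_source_burst"
        else:
            continue  # normal traffic for this window
        top_event = Counter(event for _, event in items).most_common(1)[0][0]
        alerts.append({"dst": dst, "window_start": start, "kind": kind,
                       "total": len(items), "distinct_sources": len(sources),
                       "top_event": top_event})
    return alerts


if __name__ == "__main__":
    for alert in detect_spikes(build_sample()):
        print(alert)
```

In production the same bucketing runs over flow or auth logs as they arrive, with thresholds tuned to the baseline of each destination rather than the fixed values used here.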
DDoS attacks are the standard intent of an IoT botnet. DDoS may be an unavoidable part of the new reality, but you don’t need to accept it as the new norm. Architect robust security solutions to properly secure your business.