In October of 2016, 100,000 unsecured Internet of Things (IoT) devices took the domain name provider Dyn down with a massive distributed denial-of-service (DDoS) attack. As a result, many websites like Netflix and Twitter were offline for a short time. This dangerous side effect of IoT is caused by botnets. The term botnet simply means a group of internet-connected devices controlled by a central system. By using a botnet, hackers create a flood of fake requests to a website or network resource so that legitimate users cannot access it (Marr, 2017). Since a decade, botnets are active. IoT has made the problem much worse with a big number of inexpensive devices that connect to the internet, who have little or no built-in security. They are easy targets for hackers and nowadays botnet attacks are still a problem.
Echeverria and Zhou (2017) discovered this year botnets with over 350,000 and 500,000 bots. But how can we stop hackers from using botnets? The best defense would be for everything online to run only secure software, so botnets couldn’t be created in the first place. The problem is that most IoT devices are not designed with security in mind and often have no way of being patched. This may have led to the existence of an even more evolved IoT botnet that has already secretly infected a million organizations. This new botnet, called “IOTroop” is growing at fast pace and has over 100 additional functions than Mirai had when the bot took Dyn down (Barth, 2017).
The discovery of such big botnets is alarming news for businesses and consumers around the globe. Manufacturers of IoT devices need to invest in software or systems to secure the devices and guarantee safety. Otherwise, the next attack could cause major troubles because operators may not be adequately prepared for the next major IoT-based DDOS attack.
References:
Barth, B. (2017). One year after Mirai, a new IoT botnet threat emerges. [Online] SC Media. Available at: https://digitalstrategy.rsm.nl//2017/10/17/botnet-of-things/ [Accessed 20 Oct. 2017].
Echeverria, J., Zhou S. (2017). Cybersecurity Experts Uncover Dormant Botnet of 350,000 Twitter Accounts. [Online} MIT Technology Review. Available at: https://www.technologyreview.com/s/603404/cybersecurity-experts-uncover-dormant-botnet-of-350000-twitter-accounts/ [Accessed 20 Oct. 2017].
Marr, B. (2017). Botnets: The Dangerous Side Effects Of The Internet Of Things. [Online] Forbes. Available at: https://www.forbes.com/sites/bernardmarr/2017/03/07/botnets-the-dangerous-side-effects-of-the-internet-of-things/#442d201e3304 [Accessed 20 Oct. 2017].
Hey Luc,
Thank you for your very informative article. I think as IoT continues to dominate in popularity and enter the minds of upper management as they consider whether this is something they want to embrace in their business, the security of connecting everything should certainly be questioned. You think of something like Lastpass, which I know is not an IoT but follows the idea of connectivity. I create 10 different secure passwords and save it all onto one platfrom- Lastpass. Hackers now need only one password to hack into in order to gain access to ALL of my passwords. I think the same could be considered for IoT. With all this connectivity, you’re right, we are definitely more susceptible to attacks because everything is now centralized. I’m curious what your take on the implications of this may mean.