2016 was the year that IoT devices took center stage in the ongoing cybersecurity war. A massive network of infected IoT devices known as the Mirai botnet was involved in several damaging and high-profile DDoS attacks.
Here is a highlight reel of some of the Mirai botnet's most notable attacks in 2016.
- September 20: KrebsOnSecurity.com was targeted with a DDoS attack that was almost twice the size of the largest prior attack that the site's host, Akamai, had ever seen.
- Late September: A French webhost, OVH, was targeted by the Mirai botnet in one of the largest DDoS attacks to date.
- October 21: A DDoS attack on DNS company DYN took down several major websites, including Spotify, Twitter, GitHub, and Etsy.
How Dangerous Are IoT Botnets Like Mirai?
There is no question that IoT botnets are dangerous. There is also no question that they will become more dangerous as IoT devices continue to proliferate. Gartner predicts that there will be 6.4 billion IoT devices in use by 2020.
The threat posed by the Mirai botnet was significant enough that it garnered the attention of the United States Computer Emergency Readiness Team (US-CERT). On October 14, a threat alert was posted on the US-CERT’s website regarding the emerging threat posed by the Mirai botnet and others like it.
Here are a few reasons that IoT devices are vulnerable to infections like the Mirai malware:
- They are almost always connected. Most IoT devices connect to the internet automatically, and many are turned on continuously, like routers, monitoring devices, and refrigerators.
- They are very insecure. Some studies show that it takes around 6 minutes for a newly connected IoT device to become infected.
- Most manufacturers, organizations, and end-users are using basic admin credentials. This is tantamount to just leaving the barn door open.
- Botnets can grow big fast. Mirai was coded in such a way that once the malware sets up shop in a device, it immediately scans for other connected devices to infect. The result is exponential growth for the botnet.
Once the botnet itself reaches a good size, the owner will rent access to the botnet to other bad actors. When a hacker is ready to use a botnet to launch an attack, the person simply rents time from the botnet's owner and then scours the internet with search tools that look for all connected devices within the botnet. Once the hacker determines that the current active size of the botnet is sufficient, they will launch the attack.
A Growing and Evolving Threat
Another reason that IoT botnets are a serious security concern is that there are strong indications that this threat is growing and evolving. Consider the following facts: In late October, Mirai's author released the code for the IoT malware. Since that time, copycat hackers have made improvements to the code and are releasing new iterations of Mirai that are targeted to include more devices.
Just as the public is not yet fully aware of the amazing potential of IoT devices to do good, the hacker community is also not fully aware of the dark potential of IoT. Experts believe that this current age is one of bliss and ignorance on both sides—but that it will be short-lived. No one can be certain exactly how big the IoT botnet threat will be once the hacking community is fully engaged in IoT or when IoT hacking activity will kick into high gear.
Is There a Way to Defend Your Organization Against Botnets Like the Mirai Botnet?
There are several steps you can take to defend your devices, network, and data from threats like the Mirai botnet. When Dyn came under attack, its first line of defense came from automated-response techniques. Later, the company’s technicians had to employ mitigation tactics to continue to defend its services against malicious traffic.
To protect your wireless devices from infection, you should:
- Audit all IoT devices on your network.
- Change all passwords or put devices behind a firewall or router.
- Use strong encryption for WiFi network access.
- Keep all IoT devices’ firmware up to date.
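The checklist above can be applied to a device inventory in an automated way. The following Python script is an added example, not code from the original article; the inventory rows, the column names, and the choice of WPA2/WPA3 as "strong" encryption are assumptions made for illustration.

```python
import csv
import io

# Constructed sample inventory (not real devices); column names are assumptions.
INVENTORY_CSV = """name,ip,default_credentials,behind_firewall,wifi_encryption,firmware_installed,firmware_latest
lobby-camera,10.0.20.11,yes,no,WPA2,1.4.2,1.10.0
warehouse-dvr,10.0.20.12,yes,yes,WPA2,2.0.0,2.0.0
break-room-fridge,10.0.20.13,no,yes,WEP,3.1,3.1
office-router,10.0.0.1,no,yes,WPA3,5.2.1,5.2.1
"""

# Assumption: WPA2 and WPA3 count as "strong encryption"; WEP, WPA and open do not.
STRONG_WIFI = {"WPA2", "WPA3"}


def version_tuple(version):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def audit_device(row):
    """Return the list of checklist items this device fails."""
    findings = []
    default_creds = row["default_credentials"].strip().lower() == "yes"
    firewalled = row["behind_firewall"].strip().lower() == "yes"
    # Checklist: change all passwords OR put the device behind a firewall or router.
    if default_creds and not firewalled:
        findings.append("default credentials and not behind a firewall")
    if row["wifi_encryption"].strip().upper() not in STRONG_WIFI:
        findings.append("weak WiFi encryption: " + row["wifi_encryption"])
    if version_tuple(row["firmware_installed"]) < version_tuple(row["firmware_latest"]):
        findings.append("firmware out of date: %s < %s" % (row["firmware_installed"], row["firmware_latest"]))
    return findings


def audit_inventory(csv_text):
    """Audit every device in the inventory; return {device name: [findings]}."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["name"]: audit_device(row) for row in reader}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV).items():
        print(name, "->", "; ".join(findings) if findings else "OK")
```

The firmware check compares versions numerically, so 1.4.2 is correctly reported as older than 1.10.0 even though a plain text comparison would order them the other way.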
Dyn could defend itself from Mirai because the company had experienced technicians who could mitigate the attack. Many organizations are very vulnerable because they do not have the staff or technology on hand to mitigate an IoT botnet attack. These organizations often choose cloud services because they can access top security talent through their cloud provider.
To protect your network from a malicious botnet attack, you might consider cloud services. A high-quality cloud provider has the technical capability to monitor and mitigate attacks like the DDoS attacks wrought by the Mirai botnet.
Start addressing your organization’s network vulnerabilities. Talk with an Oxford security expert by calling 1-800-520-9911 or submitting a form on our contact page.