Back in 2008, when Rambo went in for one last round, the protagonist, Sylvester Stallone jumped in to liquify dozens of bad guys with his mounted Gatling gun, literally disembolwing members while tasked on saving a group of missionaries held captive in a remote area.
Well, if that was horrific, welcome to the cyber era, where guns have been replaced by botnet atatcks, conjuring up somewhat similar images, only this time the ninja is a bot.
What is a bot?
It is an application that performs automated tasks over the internet, a task that could be repetative and time consuming and hence the bot (short for ‘Robot’) comes in handy.
There could be good bots – like a search engine spider – and a bad bot, that comes in as part of a virus or worm and then manipulates the system for identity thefts or launch denial of service (DoS) attacks.
A DoS attack comes from a single device and prevents a legitimate user from accessing the web server. In a Distributed Denial of Service (DDoS) attack the server is hit simultaneously by multiple devices. It takes over more bandwith and brings down the server by burdening it with a large amount of simultaneous requests.
But how do IoT devices get infected?
An attacker comes in through myriad unsecured devices that are in use. It could be a smart light bulb, thermostat or power outlet, all part of the Internet of Things (IoT) that promises to make our lives more convenient and simple.
The takeover is silent, without you even knowing that your machine has been infected. The remote attacker takes complete control of the device making it a part of a many-branched network of captured devices all infected with the same bots.
This is a Botnet attack.
A crunching botnet attack in October 2016 had brought down the internet infrastructure provider Dyn, that disrupted access to popular websites like Netflix, Amazon, Twitter and PayPal among many others. And according to experts, unless hardware and software manufacturers improve the security of the open internet urgently – there will be many more such attacks.
Cisco has predicted that from 10.4 million DDoS attack incidents in 2017, it could be a much as 17.4 million in 2020.
But, why are IoT devices being mostly used for these attacks? The problem lies in its make – agents such as antimalware, anti virus or firewalls cannot be installed on, say a Close Circuit TV camera or a door lock. Although it has advanced computing abilites, an IoT device is plagued with almost non-existant security.
With the proliferation of IoT gadgets flooding our lives, the most pertinent question now is – how to prevent such botnet attacks from taking place.
IoT is everywhere and available readily from naufacturers who do not take proper security measures.
Consumers need to be aware of this when they next buy an IoT gadget. Just the ease of use or the level of ingenuity should not be the deciding factor for purchase. Nor should a cheap price tag be the major attraction. They need to be eductaed by manufacturers and Internet Service Provider (ISP) about the importance of security features on the gadget they buy.
Ways need to be created to force them into doing the most rudimentary checks like changing the the default settings on their IoT device right after purchasing it.
- Manufacturers are so swayed by demand, they are providing gadgets with weak security – in the form of transferring of data over insecure services like Telnet and FTP, extremely weak default passwords and at times not bothering with any security at all. These manufacturers, either by themselves or through pressure, need to decide on stringent security measures as a necessity. Cost of hardware or strict deadlines should not cause them to bypass basic security measures.
- When a gadget is being used in a botnet attack, it eats up a lot of bandwidth. If the ISP comes to notice this, they might either start charging the consumer for eating up excess bandwidth or warn the consumer that the gadget has been compromised and thereafter disable the system. Without a network connection, the device then becomes useless for DDoS attacks.
IoT is cheap, prevalent and gaining in currency in our life. However, simple IoT devices can also act as vulnerability points in security and become ground for botnet attacks.
Preventive measures are therefore a must before your smart fridge, light bulb or kettle can become their next target.