What Are IoT Botnets?
According to Nitzan Miron, vice president of product management for application security at Barracuda, an IoT botnet begins when an attacker compromises a connected device.
“This could be anything you install in your home, or sensors in your business,” he says. “Attackers can take control of tens or hundreds of thousands of devices and use them to do their bidding. I imagine an army of toasters and air conditioners, and this isn’t far from the truth. While IoT devices are limited in their computational ability, even an AC unit now has a powerful processor that lets it perform some computation.”
An attacker then marshals these compromised devices against a target, such as a state or local government network. The most common use of an IoT botnet is a distributed denial of service (DDoS) attack: thousands of controlled devices simultaneously flood an agency with access, function or data requests, exhausting bandwidth, connection capacity or application servers. If agencies lack the infrastructure to absorb or filter that surge, the bots can take entire networks offline.
IoT botnet DDoS attacks are often used as distractions that hide hacker efforts to compromise networks and install malware payloads capable of capturing and exfiltrating data, Miron says. For state and local agencies, however, the occurrence of the attack itself can be damaging, even if data isn’t compromised.
“Government organizations are often responsible for critical infrastructure, and agencies may hold a lot of data,” Miron says. “Even if attacks don’t impact government’s ability to perform key functions, they can impact public perception and reduce public confidence.”
What’s Next for Botnets?
While volumetric botnet attacks remain common, malicious actors are also becoming more sophisticated in their approach.
“Consider the Mirai botnet, an early example of a volumetric attack,” Miron says. “It was a very simple piece of code with a simple idea: Each device would go looking for additional devices to control. Once enough devices were controlled, attackers could use them to go after one target at the same time, quickly overwhelming the organization.”
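Two behaviours run through this section: the distributed flood described under "What Are IoT Botnets?" and the device-to-device scanning Miron attributes to Mirai. The following is an added example, not code from the article or from Barracuda, showing how a state or local security team could detect both over a stream of connection records. The record layout ("epoch_seconds src dst dport"), every address and the traffic itself are constructed for this illustration; the telnet ports 23 and 2323 are the ports Mirai scanned for new victims.

```python
"""Added example (not from the article or Barracuda): two detections a
SOC could run over connection records.

* flood_detection: a botnet DDoS is distributed, so each bot can stay
  under any per-source threshold; the aggregate request rate toward one
  destination, compared with a baseline, is what gives it away.
* scan_detection: Mirai-style propagation shows up as a single source
  touching many distinct hosts on telnet ports 23/2323 in a short window.

Record layout "epoch_seconds src dst dport" and all addresses are
constructed for this example, not a real tool's output.
"""
from collections import defaultdict


def parse_record(line):
    """Split one constructed record into (ts, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return int(ts), src, dst, int(dport)


def per_source_offenders(records, window=10, max_per_window=20):
    """Naive per-source rate limit: sources sending more than
    max_per_window requests in any window-second bucket.
    Catches one chatty host; misses a flood spread across many bots."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src, _dst, _dport in records:
        counts[src][ts // window] += 1
    return {src for src, b in counts.items() if max(b.values()) > max_per_window}


def flood_detection(records, window=10, baseline_rps=3.0, factor=10.0):
    """Aggregate detection: for each destination, take its busiest
    window-second bucket and alert when that rate exceeds factor*baseline.
    Returns {dst: (peak_rps, distinct_sources_in_that_bucket)} so the
    analyst can see both the volume and how distributed it was."""
    counts = defaultdict(lambda: defaultdict(int))
    sources = defaultdict(lambda: defaultdict(set))
    for ts, src, dst, _dport in records:
        bucket = ts // window
        counts[dst][bucket] += 1
        sources[dst][bucket].add(src)
    alerts = {}
    for dst, per_bucket in counts.items():
        bucket, n = max(per_bucket.items(), key=lambda kv: kv[1])
        rps = n / window
        if rps > factor * baseline_rps:
            alerts[dst] = (rps, len(sources[dst][bucket]))
    return alerts


def scan_detection(records, window=60, min_targets=20, ports=(23, 2323)):
    """Mirai-style sweep: a source contacting >= min_targets distinct
    hosts on the telnet ports within one window-second bucket.
    Returns {src: max_distinct_targets_in_a_bucket}."""
    touched = defaultdict(lambda: defaultdict(set))
    for ts, src, dst, dport in records:
        if dport in ports:
            touched[src][ts // window].add(dst)
    return {src: max(len(d) for d in per_b.values())
            for src, per_b in touched.items()
            if any(len(d) >= min_targets for d in per_b.values())}


def build_sample_records():
    """Constructed traffic: 60 s of normal web traffic (3 rps), then a
    10 s flood from 200 bots sending two requests each (40 rps), plus
    one host sweeping telnet across 30 addresses in 10.0.0.0/24."""
    lines = []
    for t in range(1000, 1060):                       # baseline clients
        for i in range(1, 4):
            lines.append(f"{t} 198.51.100.{i} 10.0.0.5 443")
    for i in range(200):                              # flood: 400 requests / 10 s
        bot = f"203.0.113.{i + 1}"
        lines.append(f"{1060 + i % 10} {bot} 10.0.0.5 443")
        lines.append(f"{1060 + (i + 5) % 10} {bot} 10.0.0.5 443")
    for k in range(1, 31):                            # telnet sweep, 30 hosts
        lines.append(f"{1030 + k % 5} 192.0.2.10 10.0.0.{k} 23")
    lines.append("1031 198.51.100.9 10.0.0.7 23")     # one benign admin session
    return [parse_record(line) for line in lines]


if __name__ == "__main__":
    recs = build_sample_records()
    print("per-source offenders:", per_source_offenders(recs))
    print("flood alerts:", flood_detection(recs))
    print("scan alerts:", scan_detection(recs))
```

On the constructed data the per-source rule flags only the noisy scanner and not a single bot, because each bot sent just two requests; the aggregate check sees 40 requests per second toward 10.0.0.5 from 200 distinct sources, which is the signature of a botnet flood. The baseline rate and the 10x factor are assumptions to tune against real traffic, not values from the article.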