The Internet of Things is all around us, in our homes, our offices, and even our cars. While this connectivity can provide a more unified and automated approach to daily tasks, it has the downside of enabling certain security threats to go unfettered. A prime example are the IoT-driven botnets that seem to be increasing in popularity.
What is the IoT, and What’s a Botnet?
The Internet of Things (IoT) is a blanket term describing any item that collects data and connects to the Internet to process that data. Think everything from fitness trackers to smart home assistants, smart watches, and internet-capable security cameras. If you have any device that is described as “connected” or “smart,” you’ve interacted with the IoT. These kinds of devices are becoming more and more commonplace in everyday life.
The big problem with IoT devices is that there is little, if any, attention devoted to maintaining their security. This, combined with their reliance on an Internet connection to function, make them perfect for building the online threat known as a botnet.
A botnet is a network of devices utilized as an attack vector. By infecting numerous pieces of hardware, an attacker is able to leverage their combined resources as part of a brute force attack, overwhelming the targeted system’s security. We’ve seen this before, including events that took down dozens of popular websites on the Internet all at once.
A Bad Memory Comes Back Again
There are plenty of examples of IoT botnets, but a particularly nasty one, Mirai, has made headlines again as a new derivative botnet has begun to rise. Called Persirai, this botnet leverages the same IP cameras as Mirai to power its attacks. Persirai has been making its rounds around China, infecting thousands of devices.
Of course, there are other botnets that warrant concern as well. A currently-dormant botnet, called Hajime, was measured by Kaspersky Labs to have almost 300,000 IoT devices powering it. The researchers also noted that it was very well-written and put together. As a result, should the idle botnet be put to use (as experts suspect is very likely will) it could very easily be as potent as Mirai was.
How You Can Protect Your Business
Fortunately, many botnet-powered DDoS attacks can be avoided through some relatively simple preventative measures that are in line with recommended business continuity best practices. For example, keeping your data on multiple, distinct locations will help keep it safe should you find your business to be the target of such an attack. Furthermore, it never hurts to have a firewall put into place, as many varieties of DDoS attacks can be mitigated by them.
Setton Consulting can help you to implement these measures to protect your business against threats that come from misused IoT devices. Give us a call at 212-796-6061 to get started.