IoT Botnet Threat Evolution

How IoT Threats Have Evolved and the Worrisome Outlook for Enterprise and Critical Infrastructure

The Internet of Things is at the core of every enterprise in the digital disruption taking place in industry today. This is clearly shown in Industry 4.0 where IoT plays a crucial role in orchestrating the coordination efforts among people, devices, machines, systems, and entire production lines. From manufacturing and utilities to critical infrastructure and healthcare, IoT plays a critical role in predictive maintenance, resource monitoring and procurement, and operational improvements.

Experts cite security as one of the biggest threats to IoT. Though physical threats and tampering of devices are certainly a major concern, cybersecurity threats are much more worrisome because they are exceedingly difficult to prevent or even detect, and they can be far more damaging. What’s more, the cyber threats are evolving rapidly as great numbers of connected devices are turned into malicious soldiers in armies of dangerous botnets.

To understand the growing threats ahead of us, let’s take a brief look back at previous IoT attacks and how malicious hackers are learning from them and adapting to create ever more sophisticated techniques.


The world’s wake-up call to IoT cyberattacks – some experts call it a blueprint for future attacks – occurred about eight years ago. Something unusual happened in Iran where the International Atomic Energy Agency (IAEA) was visiting the Natanz Nuclear Facility. Inspectors noticed that the separators and filters used to enrich uranium were declining at an abnormally high rate. The cause of these failures was unknown at the time. Later, a group from Belarus was asked to check some computers that kept failing in Iran. These two events, though seemingly unrelated, led to the discovery of the world’s first digitized industrial threat. Malware had been used to disrupt and impair the centrifuges in the plant. In fact, it was later discovered that the malware had been destroying and undermining the facility over a period of twelve months. This malware was eventually named Stuxnet.

Stuxnet was unlike any other viral attack known in the history of cybersecurity. As opposed to attacking the computerized systems and taking data from them, Stuxnet was designed to infiltrate the industrial control systems built by Siemens. The malware targeted the hardware components of the plant and interfered with their operation, causing destruction of the physical equipment.

Six years later, in October 2016, another significant IoT attack happened. Researchers who later dissected the attack say it was well crafted and took significant planning and organization before the actual attack took place. The ultimate target was Dyn’s Managed DNS service, a critical service in processing global Internet traffic. The attack generated extraordinary amounts of IP address lookup traffic over port 53, overwhelming Dyn’s regular denial-of-service (DoS) defenses. As a result, Dyn’s address resolution service was brought down for several hours. The company’s network engineers managed to stop the attack, but like aftershocks following an earthquake, sporadic attacks kept coming in through the day. By then the attack had already done its damage; dozens of major Internet platforms and services had become unavailable to large swathes of users in Europe and North America.

Research into the root cause of the attack revealed that it involved hundreds of thousands of endpoints, many of them IoT-enabled devices such as surveillance cameras, residential routers and baby monitors. They had been overtaken by malware dubbed Mirai that brought the devices into a botnet which then forced them to send traffic to the Dyn servers at a rate exceeding one terabyte per second.
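The defender's view of an attack like the one just described is many ordinary devices each suddenly sending far more port-53 traffic than they ever have. The following is an added illustration, not code from the original post or from Cybeats: it runs a simple per-host baseline check over constructed flow records, assuming a hypothetical IoT VLAN of 10.20.0.0/16, a hypothetical site resolver at 198.51.100.5, and made-up baseline packet counts.

```python
from collections import defaultdict

# Constructed sample flow records (src_ip, dst_ip, dst_port, packets) for one
# five-minute window. These are made-up values, not captured traffic.
# Assumptions: 10.20.0.0/16 is the IoT VLAN, 198.51.100.5 is the site resolver.
SAMPLE_FLOWS = [
    ("10.20.0.11", "198.51.100.5", 53, 9800),   # camera, abnormal lookup volume
    ("10.20.0.12", "198.51.100.5", 53, 10200),  # camera, abnormal lookup volume
    ("10.20.0.13", "198.51.100.5", 53, 9500),   # router, abnormal lookup volume
    ("10.20.0.14", "198.51.100.5", 53, 300),    # baby monitor, within its norm
    ("10.30.1.7",  "198.51.100.5", 53, 120),    # workstation, outside IoT range
    ("10.20.0.11", "203.0.113.9", 443, 40),     # unrelated HTTPS flow, ignored
]

# Constructed per-host baselines: typical port-53 packets per window when healthy.
BASELINE_PKTS = {"10.20.0.11": 60, "10.20.0.12": 60, "10.20.0.13": 400, "10.20.0.14": 40}
DEFAULT_BASELINE = 100   # used for hosts with no learned baseline


def dns_packets_by_source(flows, iot_prefix="10.20."):
    """Sum packets sent to port 53 per source host inside the IoT address range."""
    totals = defaultdict(int)
    for src, _dst, dport, pkts in flows:
        if dport == 53 and src.startswith(iot_prefix):
            totals[src] += pkts
    return dict(totals)


def detect_dns_flood(flows, ratio=20, min_hosts=3, iot_prefix="10.20."):
    """Flag a coordinated lookup flood: several IoT hosts in the same window each
    sending many times (ratio) their baseline DNS volume.
    Returns (is_flood, offending_hosts, packets_from_offenders)."""
    totals = dns_packets_by_source(flows, iot_prefix)
    offenders = sorted(
        host for host, pkts in totals.items()
        if pkts > ratio * BASELINE_PKTS.get(host, DEFAULT_BASELINE)
    )
    total_pkts = sum(totals[h] for h in offenders)
    return len(offenders) >= min_hosts, offenders, total_pkts


if __name__ == "__main__":
    flood, hosts, pkts = detect_dns_flood(SAMPLE_FLOWS)
    print("coordinated DNS flood" if flood else "no flood", hosts, pkts)
```

Hosts that cross the threshold on their own are the ones to isolate first; the min_hosts requirement separates a single misconfigured device from the botnet pattern the post describes.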

Cybersecurity experts proclaimed that this attack was only a glimpse into an uncertain future characterized by zombie gadgets that would be used to cause even more substantial attacks. And they were right…

Later there came other major IoT attacks using the Satori botnet, which is based on derivative code from Mirai. However, Satori is far more powerful than Mirai. Whereas the Mirai malware simply exploited weak or absent passwords, Satori seeks out security vulnerabilities and exploits them. Reports say the Satori botnet was accumulating infected devices at a rate of tens of thousands per hour. Researchers have discovered this malware on a diverse range of devices, including computers for mining cryptocurrencies, Huawei routers, ARC processors found in numerous IoT devices, and more. With the potential for very large-scale attacks, cybersecurity experts are undoubtedly in fear of what the Satori botnet could do.

These are just a few of the cyber threats unleashed on the IoT world. It’s important to note that the attacks have been growing in sophistication and severity since the first was seen. As time goes by, we ought to expect more of these attacks with even more significant consequences. For example, in 2018 alone, it is projected that ransomware will show a triple-digit increase in prevalence. Within the next two years, at least a quarter of Internet malware will be targeting IoT gadgets and their interconnections. Despite the growing threats, it’s estimated that only around 30 percent of corporations will be able to stave off the attacks and realize the intended benefits of connecting IT with OT.

The promise of IoT is simply too great to allow malicious hackers to have their way. We at Cybeats believe that fighting back requires a two-front war. On the one hand, purveyors of the devices must ensure their devices are free of the vulnerabilities that attackers are exploiting. After all, attackers can’t build their massive botnets if they can’t compromise their intended targets. On the other hand, users of the devices – the manufacturing enterprises, utility companies, municipalities, hospitals, and so on – must boost their defenses by monitoring for malicious behavior and by using solutions that can block the attacks that cause harm.

We’re here to help on both fronts. Come talk to us about how we’re able to protect the Internet of Things.