IoT Botnets: The Next Big Risk in Cybersecurity?

Today, cyber threats are coming from all directions. Cybercriminals bombard organizations with ransomware, endpoint attacks, phishing, supply chain attacks, and much more. And this ever-growing list of cybersecurity risks is putting companies under more pressure than ever before – cyber-attacks are becoming increasingly common, and network security is continually compromised.  

And if you needed one more cybersecurity risk to add to that list, you’re in the right place. Experts warn that Internet of Things (IoT) botnets could be the next big risk in cybersecurity.  

Over the last five years or so, we’ve seen IoT grow from a theoretical concept to a major priority for organizations worldwide. In 2021, there were over 10 billion active IoT devices, and this figure is expected to surpass 41 billion in 2027. The business benefits of IoT devices are numerous and far-reaching. Think improved productivity, reduced human labor, boosted work safety, improved physical security, enhanced efficiency (using sensors to track machinery performance), and cost savings (monitoring power consumption in real-time).  

Yet, despite their benefits, IoT devices are scarily vulnerable to cyber-attacks.  

What Are IoT Botnet Attacks?

A botnet attack is a large-scale cyber-attack where hackers remotely control a cluster of malware-infected machines. Essentially, these compromised machines become ‘zombie bots’ for the botnet controller. The term “botnet” stems from the words “robot” and “network.” Cybercriminals use botnets to automate mass attacks like server crashing (DDoS attacks), data theft, crypto mining, and malware distribution.  

At its core, am IoT botnet attack works like this: 

• Attackers exploit a vulnerability to expose the device users to malware.  
• Devices are infected with malware so that hackers can take control of the devices.  
• Attackers mobilize the infected machines to carry out attacks.  

If your device has been hijacked in a botnet attack, you’ll usually notice performance issues like sluggish speeds or constant spam and pop-ups. 

But how do IoT devices fit into the equation? Here’s the bottom line. IoT devices typically have poor cybersecurity controls (they often lack the computational capacity for built-in cybersecurity), and their portability makes them excellent for infiltrating multiple networks. If an attacker wants to gain network access, exploiting IoT vulnerabilities is an attractive option.  

Internet of Threats: The Current State of the IoT Cyber Threat Landscape

IoT cyber-attacks have been escalating in recent years. For example, from January to June of 2021, there were more than 1.5 billion IoT breaches. Moreover, IBM reported that IoT attacks rose 500% in 2021 compared to 2020. The study found that Mozi botnets were behind this colossal spike.  

Mozi uses the “wget” shell command to gain access to vulnerable IoT devices, then changes permissions to let the hacker interact with the system and wreak havoc. It’s most famous for hijacking Netgear, D-Link, and Huawei routers. Alarmingly, as of September 2021, Mozi accounted for an eye-watering 90% of observed traffic going to and from IoT devices.  

 Unfortunately, while the Mozi botnet has garnered the most attention, it’s not the only IoT botnet out there. Hackers have also created malware to target other IoT vulnerabilities and will continue to do so over the coming years.  

But what is the impact of IoT botnet attacks? Perhaps the most (scarily) impressive example of an IoT cyberattack in action is Stuxnet – the world’s first cyberweapon. The Stuxnet virus worked its way into Iranian nuclear facilities and then leveraged IoT devices to slowly sabotage centrifuges and ultimately shut down the nuclear plant.  

However, while Stuxnet was unprecedented, it’s not an excellent example of the risks of IoT for everyday companies. This highly sophisticated virus contained four (yes, four!) zero-day vulnerabilities. This is one of the reasons it’s thought to be the work of government agencies such as the US, although none have claimed credit for the attack.  

So, what kinds of attacks can we expect to see more of in the future? Well, let’s consider the IoT attacks we’ve seen so far. In 2014, hackers compromised over 100,000 Smart TVs, refrigerators, and other smart appliances to send out 750,000 malicious spam emails1per second, taking down the site. When researchers dug into the origin of this attack, they found the requests were coming from IoT CCTV cameras hijacked by cybercriminals.  

While different, these three examples (Stuxnet, Smart device attacks, and CCTV attacks) highlight three of the most pressing dangers of IoT vulnerabilities. Here we have spam attacks, DDoS attacks, and destruction of physical equipment. And attackers will continue to leverage these methods in future attacks.  

For example, Industrial Internet of Things (IIoT) is a rapidly growing industry. Devices in this category can monitor machine health and performance, automate processes, and reduce errors. But what happens if an IoT is hijacked and injected with malicious code, causing it to ignore signs of rising heat stress? What if a botnet causes this to happen to every machinery sensor in an industrial plant? 

Mitigating IoT Botnet Risks

Cybercriminals target IoT devices because these devices often have weak security. For example, they might have no built-in security features, be running on outdated operating systems, and are generally easier to reach than other points in the network. Therefore, the first step to prevent falling victim to an IoT botnet attack is to apply any firmware updates and scan for known vulnerabilities.  

 Equally important is locking down access to the IoT device itself. IoT devices often use generic default passwords that people rarely change. We must do away with this practice and start applying modern password hygiene principles to IoT devices.  

 Typically, IoT devices exist at the network’s edge, gathering and delivering data in real-time. As a result, IoT engineers are usually more focused on lowering latency and boosting speed than deploying traditional security measures. Additionally, standards for safeguarding IoT devices are well below that for computers and other endpoints. As a result, the tech industry needs to start building cybersecurity into IoT devices from the beginning – security by design rather than security as an afterthought.  

Adding to this, organizations need to start seeing IoT devices as a critical aspect of their network security, not as harmless devices on the edge.  

Final Thoughts

IoT devices form a vital part of the data-driven revolution, and they’re here to stay. From smart toasters to self-driving cars to operational technology and IIoT, soon, internet-connected devices will shape every aspect of modern life. However, we can’t neglect cybersecurity when designing IoT devices for now and the future. Botnets will keep coming, and hackers will sophisticate their techniques, so the time to act is now.