What is this?

This is our first emerging trend snapshot based on the darker side of disruptive technologies. Since at least the turn of the century, attackers have been hacking into computer systems and centrally controlling them as one massive computing entity, a botnet. The point was usually to launch distributed denial-of-service (DDoS) attacks to bring a website and/or a company’s web-enabled system offline.

However, with the accelerating transition from the age of mobility to the Internet of Things, which has already seen billions of devices connected to the Internet, a sinister new phenomenon has emerged. It is what we call the botnet of things. A botnet of things is a supercharged version of a botnet that primarily uses hundreds of thousands of Internet of Things devices to launch attacks that are unprecedented in scale and scope.

Why is this trend happening?

In enterprise security, hackers are in an arms race with security companies. When hackers discover a flaw or launch an attack, the other side fights back, often quickly, and plugs the vulnerability. Both sides win battles, but the general course of the war stays predictably manageable. However, when it comes to the Internet of Things, its protector, the security of things, is behind. Comparatively cheap sensors, IP-based cameras and similar devices are proliferating at a dizzying rate, with no historical precedent for such speed. Most devices connected to the Internet, from connected televisions to passive infrastructure monitoring sensors, are not really built with security in mind. Hackers have been quick to seize on that and are taking over devices and connecting them to botnets much faster than security companies have been able to respond.

What are the benefits?

For people just trying to use the Internet of Things to achieve their business objectives: none! For the hackers, the benefits are obvious. Lax security means ease of hacking. Far more devices means far more power. The great power of the botnet of things was demonstrated when sites like Twitter and Netflix went down in several countries because an Internet infrastructure provider, Dyn, was attacked using a botnet of things. The Mirai attack, as it was popularly known (named after the malware used to compromise Internet of Things devices), used over a hundred thousand devices to send a record amount of traffic to bring down Dyn.

What are the challenges?

The challenges stem from systemic failures in the IoT ecosystem and from human behavior. If users made sure their devices were patched regularly and followed a healthy password creation and maintenance regimen, far fewer devices would be compromised. The IoT devices themselves fly off the shelves because of price. Making them more secure would raise that price, and there is no regulatory pressure to do that just now. Additionally, malware that takes over IoT devices and creates botnets in a “low barrier to entry”, automated manner is easily available. What this essentially means is that while brute attack force of this level used to be the purview of nation-state actors only, far more people can now get their hands on explosive compute power to attack portions of the Internet. These fundamentals are so ingrained that we see things getting worse before they get better.

