IoT Botnets

The Internet of Things is a new, popular trend in commercial and consumer technology, and this trend is creating new vectors of attack for malicious hackers. A new type of botnet, the IoT botnet, has emerged in the wake of the Internet of Things. This section explores the basics of botnets, how it is applied towards the IoT, and how organizations can protect their devices against IoT botnets.The Internet of Things is quickly becoming a new facet of the internet. The term is sought after by large corporations seeking to move with new technology trends, appears frequently in tech-focused media, and has likely cropped up at a local retailer. The idea is simple. Technology and appliances that are not usually connected to the internet are equipped with internet features; this includes internet-enabled fridges, locks, cars, medical equipment, industrial equipment, agricultural equipment, interior lighting, and anything else that can be connected to the internet. While these new internet-enabled devices come equipped with additional features, they also create new risks by connecting to the internet. As a result, botnets have developed around these Internet of Things devices. This section will dissect the idea of a botnet, the emergence of IoT botnets, and how an organization can protect themselves against IoT botnets.A botnet is a network of compromised devices that can be dedicated to carrying out tasks on a large scale. Typically, botnets are made up of personal and commercial devices that have been infected with malware. Sometimes, users will voluntarily dedicate their devices towards these tasks in what is called a voluntary botnet. One of the most common applications of a botnet is a Distributed Denial of Service attack or DDoS attack. The botnet utilizes its infected devices, often referred to as “zombies”, in order to flood servers with an overwhelming amount of requests. This usually results in the shutdown of websites, but DDoS attacks have been utilized against other types of services. Popular methods for spreading the programs that create botnets include false download pages, sites that contain intrusive adware, and phishing emails.Botnets have been around for quite a while, but the prevalence of Internet of Things devices has led to a new evolution of botnets. An Internet of Things device that has been compromised into a botnet is often referred to as a “thingbot”. This could be any “thing” that has specialized internet access. For example, modern tractors are often connected to the internet in order to automate the process of planting, fertilization, and harvesting. The vehicle’s controls are linked to an internet-enabled computer that collects GPS data in order to guide the tractor on a calculated route. An IoT botnet could include internet-connected agricultural equipment, meaning an attacker could utilize this to disrupt or control the production process. IoT botnets can also include heart-monitoring equipment, pacemakers, and active medical equipment. Creating an Internet of Things botnet requires specialized intent and knowledge of IoT devices. With the exception of some devices, such as home appliances that come equipped with full desktop environments on standard operating systems, infecting Internet of Things devices with botnet malware is a specialized task.Protecting against IoT botnets is an easier task than infecting one. Most importantly, be aware of what devices are connected to the internet, what purpose this connection serves, and whether or not they are connected while out of use. Many IoT enabled devices come with features that many users might consider superfluous. If a fridge or toaster comes equipped with the ability to browse social media sites, the value of this appliance feature may not be worth the potential risk of connecting it to the internet. If your IoT device is connected to the internet and serves a useful purpose, be wary of how often it is connected to the internet. Many IoT enabled devices will remain connected to the internet when it is not practical or useful for the user. Disabling internet features when leaving IoT enabled devices is a good way to prevent the spread of malware.