IoT Botnets

Author: lpark | Published on June 18, 2019 | Views: 1529

The Internet of Things is a new, popular trend in

commercial and consumer technology, and this trend is creating new vectors of attack for
malicious hackers. A new type of botnet, the IoT botnet, has emerged in the wake of the Internet
of Things. This section explores the basics of botnets, how it is applied towards the IoT, and how
organizations can protect their devices against IoT botnets.

The Internet of Things is quickly becoming a new facet of the internet. The term is sought after
by large corporations seeking to move with new technology trends, appears frequently in tech-
focused media, and has likely cropped up at a local retailer. The idea is simple. Technology and
appliances that are not usually connected to the internet are equipped with internet features; this
includes internet-enabled fridges, locks, cars, medical equipment, industrial equipment,
agricultural equipment, interior lighting, and anything else that can be connected to the internet.
While these new internet-enabled devices come equipped with additional features, they also
create new risks by connecting to the internet. As a result, botnets have developed around these
Internet of Things devices. This section will dissect the idea of a botnet, the emergence of IoT
botnets, and how an organization can protect themselves against IoT botnets.
A botnet is a network of compromised devices that can be dedicated to carrying out tasks on a
large scale. Typically, botnets are made up of personal and commercial devices that have been
infected with malware. Sometimes, users will voluntarily dedicate their devices towards these
tasks in what is called a voluntary botnet. One of the most common applications of a botnet is a
Distributed Denial of Service attack or DDoS attack. The botnet utilizes its infected devices,
often referred to as “zombies”, in order to flood servers with an overwhelming amount of
requests. This usually results in the shutdown of websites, but DDoS attacks have been utilized
against other types of services. Popular methods for spreading the programs that create botnets
include false download pages, sites that contain intrusive adware, and phishing emails.

Botnets have been around for quite a while, but the prevalence of Internet of Things devices has
led to a new evolution of botnets. An Internet of Things device that has been compromised into a
botnet is often referred to as a “thingbot”. This could be any “thing” that has specialized internet
access. For example, modern tractors are often connected to the internet in order to automate the
process of planting, fertilization, and harvesting. The vehicle’s controls are linked to an internet-
enabled computer that collects GPS data in order to guide the tractor on a calculated route. An
IoT botnet could include internet-connected agricultural equipment, meaning an attacker could
utilize this to disrupt or control the production process. IoT botnets can also include heart-
monitoring equipment, pacemakers, and active medical equipment. Creating an Internet of
Things botnet requires specialized intent and knowledge of IoT devices. With the exception of
some devices, such as home appliances that come equipped with full desktop environments on
standard operating systems, infecting Internet of Things devices with botnet malware is a
specialized task.

Protecting against IoT botnets is an easier task than infecting one. Most importantly, be aware of
what devices are connected to the internet, what purpose this connection serves, and whether or
not they are connected while out of use. Many IoT enabled devices come with features that many
users might consider superfluous. If a fridge or toaster comes equipped with the ability to browse
social media sites, the value of this appliance feature may not be worth the potential risk of
connecting it to the internet. If your IoT device is connected to the internet and serves a useful
purpose, be wary of how often it is connected to the internet. Many IoT enabled devices will
remain connected to the internet when it is not practical or useful for the user. Disabling internet
features when leaving IoT enabled devices is a good way to prevent the spread of malware.