Picture it: You’re sitting at your computer surfing your favorite sites, when out of nowhere your browser crashes. You relaunch and attempt to reload the page you were viewing, but you have the same problem. Perhaps the site you were viewing is having trouble, so you try some routine maintenance. You open Windows Resource Monitor and see that your CPU is working at near capacity. Now you know something’s definitely wrong, so you launch your browser again to find information on CPU usage, and this time the browser takes forever to open. These are clues that your computer may have become an unwitting member of a botnet. That’s right, your computer might have been turned into a zombie.
A botnet is a collection of internet-connected devices infected with malicious software and controlled as a group without the owners’ knowledge (hence the colorful name “zombie”). These devices can include PCs, servers, mobile devices and internet of (IoT) devices that are infected and controlled by malware. The malware takes control of the devices and sends data or “calls” to a Command and Control (C&C) server.
What role do IoT devices play in the current botnet threat landscape? IoT devices are notoriously vulnerable to attack. They’re like little computers, except with no firewall or antivirus security features. Add this to the ever-growing number of IoT devices – 8.4 billion and counting – and you have the perfect storm for a botnet zombie invasion.
During September 2016 in France, the telecom provider OVH was hit by a distributed denial-of-service (DDoS) attack. This attack was one of the largest recorded. On a Friday afternoon in October 2016, the internet crawled nearly to a stop for most of the entire eastern United States. The tech company Dyn, a key part of the internet’s backbone, came under a crippling assault. During the last U.S. presidential election, it was feared that the IoT botnet called Mirai was at work and might possibly impact the election. Fortunately, there is no evidence that zombies voted in the election or altered any votes.
Another very high profile IoT botnet is Reaper. By many accounts, this IoT botnet was even more dangerous than the Mirai Botnet. While Marai simply used unchanged default credentials to create zombies, Reaper exploits known security flaws in the code of those insecure machines and uses those known vulnerabilities to ensnare the devices and zombify them. This ability to exploit vulnerabilities may lead to reaper becoming an even bigger botnet than Mirai and infect a substantially larger number of devices.
Of course, there’s money to be made for the bot herders — aka the hackers who herd the zombies. As recently as February 2018, it was reported that a cybercriminal gang known as Los Calvos de San Calvicie were selling Distributed Denial of Service (DDoS) attacks for the low, low price of just $20 per attack. These are not large volume attacks — they range from 290- 300 Gigabits per second — but are still large enough to bring down a server unless it is protected against DDoS attacks. This IoT botnet is comprised mainly of Internet routers that you would use in your home or small business. There is virtually no IoT device that is immune to becoming a botnet zombie.
What can we do to protect ourselves and not become a zombie?
Here are some tips to help keep your device from becoming a member of the “Walking Dead”:
- Each device comes from the factory with a default username and password. Change the password immediately.
- Make sure all your devices are up to date with all the latest security patches and firmware updates.
- Use encryption, even on the files you store in your network storage device. If you do not have access to an encryption tool, you can simply put your files in a password-protected ZIP file.
- Most home routers and switches have the possibility to set up several different virtual networks. This can be accomplished by using the publications that come with the router or check the website or contact customer service.
- Disable Universal Plug and Play (UPnP). UPnP is designed to help IoT gadgets discover other network devices. Unfortunately, hackers can also exploit this feature to find and connect to your IoT devices and possibly penetrate your network.
- Unplug it! Disconnect your IoT devices from the internet (or turn them off completely) whenever you don’t need them to reduce their vulnerability.
Until next time, stay secure.
Want to more tips? Read more at InspiredeLearning.