IoT botnets – the landscape in 2019

October 28, 2019

Posted by: Anasia D'mello

Hardik Modi of Netscout

In August 2016, the Mirai botnet dramatically brought concerns around the security of Internet-of-Things (IoT) devices to centre stage. That botnet and associated malware family used devices such as home routers and IP-enabled video cameras to launch a series of high-profile distributed denial of service (DDoS) attacks globally.

While there had been concerns about such devices voiced previously, says Hardik Modi, AVP Engineering – Threat and Mitigation Products, Netscout, these attacks raised awareness of the topic, from security personnel in enterprises to policy makers and standards bodies representing the community at large. Considerable law enforcement focus on the authors of the botnet has resulted in the arrests and prosecutions of a number of actors.

For all that well-intentioned activity, the deployment of vulnerable devices continues in 2019 and many continue to be enrolled into botnets built on malware that is the contemporary successor to Mirai. The Netscout Threat Intelligence team continually monitors the landscape and this commentary is based on findings that we recently published in the Netscout Threat Intelligence Report H1’2019.

Broadly, the classes of devices we see being enrolled in such botnets today are the following: home routers, network attached storage, IP-enabled cameras, and home automation systems. Each of these classes of devices shares a few characteristics that make them especially suitable targets:

These are the core factors that we see enabling the landscape that we observe in 2019. Here are the key facts that best summarise the scene:

The gravity of the situation has resulted in a number of initiatives across government, vendors, network operators, enterprises and groups representing civil society. From our vantage point, no single initiative has emerged that promises a systemic fix to the problem, but it’ll likely be a patchwork that provides us with the path forward. The classes of devices that get roped into such botnets and the volume of devices within those classes will only grow – the benefits we reap from these innovations depend on our ability to deploy them securely.

The author is Hardik Modi, AVP Engineering – Threat and Mitigation Products, Netscout.
