Assessing the risk of IoT botnets to enterprise networks

The integration of IoT technologies into enterprise workflows has forced companies to pay closer attention to the threat of automated botnet attacks.

By Max Burkhalter
April 2, 2020

The integration of internet-of-things technologies into enterprise workflows is growing more profound by the day, with companies across the world hoping to make their operations more efficient, intuitive and cost-effective. For many organizations, the deployment of IoT devices has posed significant challenges in terms of planning, maintenance and security. These implementation barriers, however, have not slowed down the rate of adoption - a 2018 survey from Deloitte found that 94% of executives believe digital transformation is a top strategic priority, and IoT is often a part of this process. But to harness the full potential of emerging business tech, enterprises must carefully consider the risks posed by IoT devices, both secured and unsecured.

What is an IoT botnet?
While many IT professionals are acutely aware of the risks posed by malware, phishing scams and brute-force attacks, botnets are often lower on the list of possible threat vectors. According to the cybersecurity firm Trend Micro, a botnet is a network of compromised computers and internet-connected devices that are under the control of an unauthorized user or cybercriminal. In most cases, these computing devices are infected with a special form of malware that gives hostile actors complete control over how they operate (along with any data being transmitted). Utilizing remote execution strategies, hackers can coordinate large-scale DDoS attacks, establish crypto-mining operations and interrupt the flow of critical information.

To better understand how cybercriminals leverage botnets, and the frequency of such attacks, IT experts often create "honeypots" - computer systems that mimic likely enterprise targets - that act as lightning rods for malicious actors. Between Jan. and July 2018, Kaspersky Labs registered more than 12 million attacks on their honeypots from 86,560 unique IP addresses. The most common infection vectors were Telnet passwords (75.40%) and SSH (11.59%), though other, more advanced methods were used in 13.01% of cases. Considering the potential financial and reputational damage that can be caused by a serious botnet attack, enterprises must take precautions to insulate their networks from these types of threats.
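As an added example (not from the original article or from Perle), the script below aggregates constructed honeypot login attempts the way the Kaspersky figures above are derived: share of attempts per infection vector (Telnet, SSH, other), number of unique source addresses, and sources that should be flagged for repeated failed logins or a successful login. The log line format is an assumption, not any particular honeypot's real output.

```python
"""Tally honeypot login attempts by vector and flag noisy sources.

The log format (timestamp, vector, source IP, result, credential tried)
is an assumption; the lines below are constructed sample data.
"""
from collections import Counter
import re

SAMPLE_LOG = """\
2018-03-01T10:00:01Z telnet 203.0.113.5 FAIL root/admin
2018-03-01T10:00:02Z telnet 203.0.113.5 FAIL root/root
2018-03-01T10:00:03Z telnet 203.0.113.5 FAIL admin/admin
2018-03-01T10:00:04Z ssh 198.51.100.7 FAIL root/123456
2018-03-01T10:00:05Z telnet 203.0.113.9 FAIL support/support
2018-03-01T10:00:06Z http 192.0.2.44 FAIL -
2018-03-01T10:00:07Z ssh 198.51.100.7 FAIL admin/password
2018-03-01T10:00:08Z telnet 203.0.113.5 SUCCESS root/guessed
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+\.\d+\.\d+\.\d+) (FAIL|SUCCESS)")


def parse(log_text):
    """Return a list of (vector, src_ip, result); malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m.group(2), m.group(3), m.group(4)))
    return events


def vector_breakdown(events):
    """Percentage of all attempts per infection vector, rounded to 2 places."""
    counts = Counter(vector for vector, _, _ in events)
    total = sum(counts.values())
    return {v: round(100 * n / total, 2) for v, n in counts.items()}


def unique_sources(events):
    """Number of distinct source IP addresses seen."""
    return len({ip for _, ip, _ in events})


def flag_sources(events, threshold=3):
    """Sources with >= threshold failed logins, or any accepted login.

    On a honeypot no login is legitimate, so a SUCCESS means a guessed
    credential worked and the source is worth blocking upstream.
    """
    fails = Counter()
    flagged = set()
    for _, ip, result in events:
        if result == "FAIL":
            fails[ip] += 1
        if result == "SUCCESS" or fails[ip] >= threshold:
            flagged.add(ip)
    return sorted(flagged)
```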

Even a single unsecured device can allow cyber criminals to establish a foothold in corporate networks.

Learning from past botnet attacks
One of the surest ways to assess an organization's level of risk is to understand previous botnet attacks, particularly those that led to major business interruptions. Generally speaking, cyberattacks on IoT devices have increased by around 300% in 2019 alone, according to research from F-Secure. This trend is largely the result of lackluster or absent device-level security protocols and a lack of awareness on the part of IT administrators. Most IoT devices do not have any protective firmware or cybersecurity features built in by manufacturers, which leaves them highly vulnerable to targeted attacks. Here are a few of the most high-profile botnet incidents that have occurred over the past decade:

  • Bashlite: Considered a precursor to many modern botnet variants, this strain of malware first appeared in 2016 when less was known about this type of cyberattack method, according to Krebs on Security. What made this particular incident notable was the speed with which it took over key command and control servers - Bashlite was designed to constantly scan the internet for other vulnerable devices it could add to its growing botnet.
  • Methbot: Touted as the "largest digital ad fraud of all time," this malware strain was able to acquire thousands of IP addresses from ISPs based in the U.S., according to Forbes. The creators of Methbot then established more than 6,000 domains and over 250,000 distinct URLs as part of an elaborate fraud scheme that impacted publishers like ESPN and Vogue. Using their botnet, the cybercriminals were able to earn millions by racking up around 30 million video ad views per day through compromised websites.
  • Mirai: This botnet first gained notoriety in 2016, when it was able to launch a record-breaking number of DDoS attacks on enterprises, SMBs and even video game developers, CSO Online reported. While Mirai specifically targeted consumer devices - internet routers, DVRs, etc. - it also prioritized closed-circuit television cameras that many organizations use to keep their premises safe and secure. This botnet strain managed to completely take down the network infrastructure of service providers across the East Coast, resulting in significant outages and unplanned downtime.

One reason these types of cyber attacks are so troubling is that, even after a botnet has been mitigated, the malware that created it is usually still out in the wild. For example, while Mirai wreaked havoc back in 2016, new strains have surfaced that are more complex and resilient, ZDNet reported. As such, any enterprise network security plan must account for the possibility of repeat attacks.

To remain adaptable in the face of both existing and emerging cyber threats, enterprises must ensure their network infrastructure is secure, reliable and flexible. Perle offers robust networking equipment such as Ethernet switches and serial-to-Ethernet converters that can keep your organization running at peak efficiency. Read some of our customers' success stories to learn more.
