
Botnets: Is your network really protected?

By Michelle Drolet
27 Mar 2017

Security is taking a backseat as more and more devices connect to the internet

The tech world moves at a tremendous pace, unleashing wave after wave of innovation intended to improve our everyday lives. Many new devices, from security cameras to fridges, or TVs to baby monitors, are now internet connected. This affords us remote access and facilitates the collection of data, which is ostensibly used to make our systems “smarter.”

However, it also opens new doors into our offices and homes through which hackers can come uninvited.

There were around 6.4 billion connected things in use worldwide in 2016, and that’s set to grow to 8.4 billion this year, according to Gartner. There’s no doubt that the Internet of Things (IoT) will bring many benefits, but it also brings greater risk.

Awareness is growing, but everyone needs to take steps to secure IoT devices.

Hacking your IoT devices

Security has yet to catch up with the IoT trend. A couple of years ago, an HP study found that 70 percent of IoT devices were vulnerable to attack. You may wonder how hackers gain access to these devices in the first place. Often, it’s because default passwords and credentials are used. In some cases, devices are woefully insecure by design with administrator logins that have been baked into the firmware.

The success of the Mirai DDoS botnets, which took control of devices such as routers, DVRs and digital cameras, was based on malware that scans a broad range of IP addresses and tries to log in to devices using default usernames and passwords. A botnet of more than half a million devices was assembled to attack one of the key domain name service providers, Dyn. It took down large parts of the internet last October, impacting major websites, including eBay, Amazon, Netflix, PayPal, Reddit and Spotify.

Devices are also frequently hacked through phishing emails, where users are tricked into opening attachments or clicking links that install malware or redirect them to false website fronts designed to steal their credentials. Malware can even be delivered through an old USB drive, so don’t be tempted to plug one in if you find it lying around and don’t know where it came from. Curiosity can kill the cat. For years we’ve seen cases of people picking up USB fobs in parking lots dropped there on purpose by the bad guys.

Building botnets

Hackers seize control of vast numbers of devices quite quickly and build botnets, which are networks of thousands, or even hundreds of thousands, of devices. They use these botnets to carry out volumetric attacks that flood target websites or servers with traffic, sometimes managing to make them completely inaccessible for normal folks. They may also be used to send spam, scan for further vulnerabilities, exfiltrate stolen data, or conduct brute force attacks.

These botnets often span the globe, and the devices often lack static IP addresses, so it’s very difficult to reliably identify them and block them. There’s little indication for the victim that their device has been infected and is now being used for nefarious activities.

To make matters worse, many hackers are just looking to turn a quick profit, so they offer botnets for hire to anyone willing to pay. Since the malware required to build a botnet can be bought, or a botnet can be rented directly, there’s no real skill barrier to deploying one.

Defending your networks

You’ll need to do some homework to make sure your network is safe. To start, make sure you change the default passwords that come with your IoT devices. This is an easy first step, but it’s not enough. You should also look into the manufacturer and be vigilant for admin credentials that are hardwired in the firmware.

The next thing you need is a decent firewall and a security platform that scans your network in real time and analyzes traffic to uncover threats. Look for malicious traffic detection, botnet detection, and command and control call-home traffic detection. You want a system that can identify suspicious traffic and highlight an infected host quickly, then isolate it until you can take action.
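
To make the traffic analysis described above concrete, here is an added example (not from the original article or any vendor's product) that flags two botnet behaviors in network flow records: a device sweeping many external addresses on remote-login ports, and a device calling the same external host at fixed intervals. The flow records are constructed sample data, and the LAN range, port list and thresholds are assumptions to tune for your own network.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch seconds, source IP, destination IP, destination port)
SAMPLE_FLOWS = (
    # camera at 10.0.0.23 sweeping many external addresses on Telnet
    [(1000 + i, "10.0.0.23", f"198.51.100.{i + 1}", 23) for i in range(30)]
    # DVR at 10.0.0.40 calling the same external host every 60 seconds
    + [(2000 + 60 * i, "10.0.0.40", "203.0.113.9", 443) for i in range(8)]
    # laptop at 10.0.0.7 browsing at irregular times
    + [(t, "10.0.0.7", "192.0.2.80", 443) for t in (1005, 1090, 1400, 1410, 2950, 3300)]
)

def find_suspect_hosts(flows, lan="10.0.0.0/24", login_ports=(23, 2323, 22),
                       scan_threshold=20, beacon_min=6, max_jitter=0.1):
    """Return {internal_ip: [reasons]} for hosts that look like botnet members."""
    net = ipaddress.ip_network(lan)  # assumed LAN range
    scan_targets = defaultdict(set)    # src -> distinct external IPs hit on login ports
    contact_times = defaultdict(list)  # (src, dst, port) -> connection timestamps
    for ts, src, dst, port in flows:
        if ipaddress.ip_address(src) not in net or ipaddress.ip_address(dst) in net:
            continue  # only outbound traffic from the LAN is of interest here
        if port in login_ports:
            scan_targets[src].add(dst)
        contact_times[(src, dst, port)].append(ts)

    findings = defaultdict(list)
    for src, targets in scan_targets.items():
        if len(targets) >= scan_threshold:
            findings[src].append(f"scan: {len(targets)} hosts on login ports")
    for (src, dst, port), times in contact_times.items():
        if len(times) < beacon_min:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Near-constant gaps (low spread relative to the mean) suggest automated call-home
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            findings[src].append(f"beacon: {dst}:{port} every ~{mean(gaps):.0f}s")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in find_suspect_hosts(SAMPLE_FLOWS).items():
        print(host, reasons)
```

A host reported here is a candidate for isolation and inspection, not proof of infection; legitimate software such as update checkers also polls on a fixed schedule.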

We must also bring more scrutiny to bear on IoT device manufacturers and software developers. If we don’t collectively start taking security more seriously, the IoT could be our downfall.


This article was originally posted on Network World.