Imperva recently revealed that an unnamed streaming service was hit by a DDoS attack that lasted over 13 days, carried out by a botnet of over 400,000 IoT devices. The attack started around April 24th this year and hit the service with approximately 292,000 requests per second, making it one of the largest layer 7 DDoS attacks on record.
What is a botnet?
A botnet refers to a group of internet-connected (IoT) devices that have been infected with malware, bringing them under the control of a malicious actor. Botnets can be employed to carry out malicious or illegal acts such as sending spam, stealing data, fraudulently clicking on ads or, most commonly, distributed denial-of-service (DDoS) attacks.
Whilst some malware, such as ransomware, has a direct and visible impact on the infected device, DDoS botnet malware is far less visible. It often runs silently in the background, awaiting instructions from the attacker to begin an attack. This makes it much harder for device owners to know when their devices are infected.
How are botnets formed?
Devices can become infected with DDoS botnet malware in several different ways, including the exploitation of website vulnerabilities, Trojan horse malware, and taking advantage of weak authentication to gain remote access. Infected devices can recruit other hardware devices in the surrounding network to join the botnet. Once infected, the device can be remotely controlled by the operator of the botnet.
How is a botnet controlled?
A key feature of a botnet is the ability to receive instruction remotely from the botnet operator. This allows the attacker to initiate and terminate a DDoS attack. Botnet designs vary, but can be broken down into two general categories:
- The client/server botnet model: Each device is programmed to connect to a centralized server, known as a command-and-control centre (CnC), in order to receive instructions. The attacker only needs to modify the material that the CnC serves to update the instructions sent to the infected machines. To stop a botnet with a centralized server, only that central server needs to be disrupted. Because of this weakness, botnet malware evolved towards a new model that is less susceptible to disruption.
- Peer-to-peer botnet model: Peer-to-peer botnets have no fixed organization and operate without a CnC server. Instead of communicating with a CnC server, the bots connect to and instruct one another. Decentralizing the botnet means that the detection of a single bot cannot lead to the entire network being taken down.
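Because a bot in the client/server model has to check in with its CnC server on a timer, the most practical sign of infection from the owner's side is usually a device dialling out to the same external host at suspiciously regular intervals. The script below is an added example written for this post, not code from the original article or from any vendor; it assumes a simple constructed log format (`timestamp,src_ip,dst_ip,dst_port`, one connection per line) such as a home router or firewall might export, and all the sample lines are constructed for illustration.

```python
"""Heuristic beaconing detector for the client/server botnet model.

Added example (not from the original post). Given connection records
from a router or firewall log, flag internal devices that contact the
same external host at near-constant intervals, a pattern consistent
with a bot polling a command-and-control (CnC) server for instructions.
The log format and every line in SAMPLE_FLOWS are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: "timestamp,src_ip,dst_ip,dst_port".
# 192.168.1.20 dials the same host every ~60 s; 192.168.1.30 browses normally.
SAMPLE_FLOWS = """\
1000,192.168.1.20,203.0.113.10,8080
1060,192.168.1.20,203.0.113.10,8080
1120,192.168.1.20,203.0.113.10,8080
1181,192.168.1.20,203.0.113.10,8080
1240,192.168.1.20,203.0.113.10,8080
1300,192.168.1.20,203.0.113.10,8080
1005,192.168.1.30,198.51.100.5,443
1010,192.168.1.30,198.51.100.7,443
1400,192.168.1.30,198.51.100.5,443
1430,192.168.1.30,198.51.100.9,443
2200,192.168.1.30,198.51.100.5,443
"""


def parse_flows(text):
    """Parse the constructed CSV format into (timestamp, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, port = line.split(",")
        flows.append((int(ts), src, dst, int(port)))
    return flows


def find_beacons(flows, min_connections=5, max_cv=0.1):
    """Return {(src, dst, port): mean_interval_seconds} for periodic connection sets.

    cv = coefficient of variation (population stdev / mean) of the gaps between
    successive connections; a value near zero means the device is dialling out
    on a fixed timer rather than in response to a user.  The thresholds are
    assumptions chosen for this example.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)

    beacons = {}
    for key, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons[key] = round(avg, 1)
    return beacons


if __name__ == "__main__":
    for (src, dst, port), interval in find_beacons(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src} -> {dst}:{port} every ~{interval}s (possible CnC polling)")
```

On the constructed sample the camera-like device at 192.168.1.20 is flagged (six connections, 59 to 61 seconds apart) while the browsing device is not. The same per-destination check is weaker against the peer-to-peer model described above, where a bot talks to many changing peers rather than one server, so there the more useful signal is the volume of distinct external hosts a single IoT device contacts.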
Protect your devices
Below, we have outlined several steps that you can take to secure your IoT devices and prevent them from being recruited by botnet operators.
- Secure passwords: Make sure that you change your IoT devices' passwords from the default settings. Use strong passwords with a combination of lower case and upper case characters, numbers and symbols. This prevents just anyone from taking over as the device administrator.
- System wipe/restore: It is often not possible to tell if your device is infected with DDoS botnet malware. Restoring devices to a known good state after a set time will remove any malware infecting the device.
- Disable unused features: Features on game consoles such as ‘Universal Plug and Play’ allow you to connect and play with other users via the internet. However, these features also allow hackers from outside your network to detect your devices and exploit certain vulnerabilities. Ensuring that these features are switched off when not in use will help protect your device.
- Use security software: IoT devices often come with built-in security, yet these default security features are often weak compared to third-party security software. Installing extra security features will help to protect your IoT devices. For example, installing a VPN on your router will work to protect your IoT devices by hiding your true IP address, making it harder for hackers to target your devices.
- Stay up to date: Updates for IoT devices often include security updates to patch issues that have just been discovered. If you don’t install updates, you run the risk of your devices being exploited and turned into bots.
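The checklist above is easy to state and easy to let slip, so it helps to turn it into something that can be re-run. The script below is an added example written for this post, not the original article's or any vendor's tooling: it audits a small inventory of devices against the five points (default or weak passwords, enabled-but-unused features such as UPnP, stale firmware, and an overdue restore to a known good state). The device record layout, the two sample devices, the tiny default-credential list and the 90-day / 180-day thresholds are all constructed assumptions; a real audit would use each vendor's documented defaults and your own update cadence.

```python
"""Audit IoT devices against the hardening checklist in the post.

Added example, not from the original post. The record layout, the
sample devices, DEFAULT_CREDENTIALS and the day thresholds are all
constructed for illustration.
"""
import string
from datetime import date

# Constructed: a few (username, password) pairs that commonly ship as defaults.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
MAX_DAYS_SINCE_UPDATE = 90    # assumption: firmware older than a quarter is stale
MAX_DAYS_SINCE_RESTORE = 180  # assumption: restore to a known-good image twice a year
REFERENCE_DATE = date(2019, 6, 1)  # constructed "today" so the example is repeatable

# Constructed inventory: one neglected camera and one well-kept games console.
SAMPLE_DEVICES = [
    {
        "name": "hallway-camera",
        "username": "admin",
        "password": "admin",
        "enabled_features": {"upnp", "telnet"},
        "features_in_use": set(),
        "firmware_date": date(2018, 11, 1),
        "last_restore": date(2018, 6, 1),
    },
    {
        "name": "living-room-console",
        "username": "owner",
        "password": "Tr0ub4dor&3xtra!",
        "enabled_features": {"upnp"},
        "features_in_use": {"upnp"},
        "firmware_date": date(2019, 5, 20),
        "last_restore": date(2019, 3, 1),
    },
]


def password_is_strong(pw, min_len=12):
    """Length plus lower, upper, digit and symbol classes, as the post advises."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ]
    return len(pw) >= min_len and all(classes)


def audit_device(dev, today=REFERENCE_DATE):
    """Return a list of findings for one device; an empty list means it passes."""
    findings = []
    if (dev["username"], dev["password"]) in DEFAULT_CREDENTIALS:
        findings.append("default credentials still in use")
    elif not password_is_strong(dev["password"]):
        findings.append("password does not meet length/character-class policy")
    # Anything switched on that nobody uses widens the attack surface (e.g. UPnP).
    for feature in sorted(dev["enabled_features"] - dev["features_in_use"]):
        findings.append(f"unused feature enabled: {feature}")
    if (today - dev["firmware_date"]).days > MAX_DAYS_SINCE_UPDATE:
        findings.append("firmware update overdue")
    if (today - dev["last_restore"]).days > MAX_DAYS_SINCE_RESTORE:
        findings.append("restore to known-good state overdue")
    return findings


def audit_inventory(devices, today=REFERENCE_DATE):
    """Map device name -> findings for the whole inventory."""
    return {dev["name"]: audit_device(dev, today) for dev in devices}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_DEVICES).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Run as-is, the camera produces five findings (default credentials, telnet and UPnP enabled but unused, stale firmware, overdue restore) and the console none. The restore check deliberately fires even when nothing else is wrong, matching the post's point that you usually cannot tell whether a device is infected, so a periodic wipe is scheduled rather than triggered by symptoms.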
How do you ensure the security of your IoT devices? Let us know in the comments below or on Twitter @Hyve!