Hyve logo

Discuss your hosting requirements with us today

The rise of DDoS botnets

According to data from IoT Analytics, there are around 7 billion IoT devices in the world

Hyve Managed Hosting

featured image

DDoS attack
Imperva recently revealed that an unnamed streaming service was hit by a DDoS attack that lasted over 13 days, carried out by a botnet of over 400,000 IoT devices. The attack started around April 24th this year and hit the service with approximately 292,000 requests per second, making it one of the largest layer 7 DDoS attacks on record.

What is a botnet?
A botnet refers to a group of internet-connected (IoT) devices that have been infected with malware, bringing them under the control of a malicious actor. Botnets can be employed to carry out malicious or illegal acts such as sending spam, stealing data, fraudulently clicking on ads or, most commonly, distributed denial-of-service (DDoS) attacks.

Whilst some malware, such as ransomware, has a direct impact on the infected device, DDoS botnet malware has different levels of visibility. Often DDoS botnet malware runs silently in the background awaiting instructions from the hacker to begin the attack. This makes it very harder for device owners to know when their devices are infected.

How are botnets formed?
Devices can become infected with DDoS botnet malware in several different ways, including the exploitation of website vulnerabilities, Trojan horse malware, and taking advantage of weak authentication to gain remote access. Infected devices can recruit other hardware devices in the surrounding network to join the botnet. Once infected, the device can be remotely controlled by the operator of the botnet.

How is a botnet controlled?
A key feature of a botnet is the ability to receive instruction remotely from the botnet operator. This allows the attacker to initiate and terminate a DDoS attack. Botnet designs vary, but can be broken down into two general categories:

  • The client/server botnet model: Each device is programmed to connect to a centralized server, known as a command-and-control centre (CnC) in order to receive instructions. The attacker only needs to modify the source material that the CnC serves to update instructions to the infected machines. To stop a botnet with a centralized server, only the central server needs to be disrupted. Due to this vulnerability, botnet malware evolved and moved towards a new model that is less susceptible to disruption.
  • Peer-to-peer botnet model: Peer-to-peer botnets have a random organization and operate without a CnC server. Opposed to communicating with the CnC server, all the bots connect and instruct with one another. Decentralizing the botnet means that the detection of a single bot cannot lead to the entire network being taken down.

Protect your devices
Below, we have outlined several steps that you can take to secure your IoT devices and prevent them from being recruited by botnet operators.

  • Secure passwords: Make sure that you change your IoT devices passwords from the default settings. Use strong passwords with a combination of lower case and uppercase characters and numbers and symbols. This prevents just anyone from taking over as the device administrator.
  • System wipe/restore: It is often not possible to tell if your device is infected with DDoS botnet malware. Restoring devices to a known good state after a set time will remove any malware infecting the device.
  • Disable unused features: Features on game consoles such as ‘Universal Plug and Play’ allows you to connect and play with other users via the internet. However, these features also allow hackers from outside your network to detect your devices and exploit certain vulnerabilities. Ensuring that these features are switched off when not in use will help protect your device.
  • Use security software: IoT devices often come with built-in security, yet these default security features are often weak compared to third-party security software. Installing extra security features will help to protect your IoT devices. For example, installing a VPN on your router will work to protect your IoT devices by hiding your true IP address making it harder for hackers to target your devices.
  • Stay up to date: Updates for IoT devices often include security updates to patch issues that have just been discovered. If you don’t install updates, you run the risk of your devices being exploited and turned into bots.

How do you ensure the security of your IoT devices? Let us know in the comments below or on Twitter @Hyve!

Get cloud insights to your inbox

Email icon
Alert icon
check circle

By submitting your email, you consent to the processing of your personal data for the purposes of receiving Inbox Insights emails. View our privacy policy for full details.

Discover our Security Services

Security services are one of the most important investments for your business. Whatever your needs, ...

Find out more

Insights related to Blog

Cloud specialist eyes further international growth
Read our insight
How our Hyve Germany headquarters supports customers
Read our insight
telephone
Background image

Get in touch

Alert icon
check circle
Alert icon
check circle
Alert icon
check circle
Email icon
Alert icon
check circle
Lock icon

We don't send spam to our users

Alert icon
check circle

0 of 4000 max characters

telephone