
IoT proliferation and widespread 5G: A perfect botnet storm

By now, we’ve heard the many promises of the 5G era. Organizations across industries are poised to take advantage of the enhancements 5G will bring to boost their products and services in ways that were difficult or expensive to achieve using 4G networks. The Internet of Things (IoT) is a big part of this shift, with enterprises planning to use IoT devices to build more responsive and connected products, in order to improve customer experience, expand operations visibility and improve effectiveness.

Of course, we’ve also been duly warned that 5G benefits bad actors just as much. Two characteristics of IoT proliferation draw the interest of both cyber criminals and nation-state attackers: the sheer volume of IoT devices and their weak security.

Indeed, having many more IoT devices than computers opens the door for criminals to build large botnets with potent attack potential. The weak security posture stems from default credentials that users rarely change, along with a lack of software updates to patch discovered vulnerabilities (or, at minimum, difficulty applying the patches that are released).

As 5G networks roll out, speed and connectivity will give rise to increased security threats, many in the form of advanced botnets. IoT threats aren’t going away – in fact, they’re just getting started.

A Botnet Family Tree

You’ve undoubtedly heard of botnets: networks of innocent devices infected by self-propagating malware and placed under an attacker’s control. A command-and-control server then directs the infected devices to carry out huge distributed denial-of-service (DDoS) attacks, massive email spam campaigns or cryptomining.

Essentially, a DDoS attack is a botnet’s bread and butter. Botnet malware infects thousands of devices and turns them into a zombie army that floods an intended target with traffic. The flood can take that target, typically a popular website or service, offline for a sustained period.

To understand the true threat of IoT botnets, it’s important to first understand the landscape, including some of the more famous botnets:

  1. Mirai family (including the Satori and Miori variants): This is the botnet responsible for blocking access to a good portion of the web when it attacked the Dyn DNS service in 2016, at a reported and then-unprecedented rate of 1.2Tbps. Mirai spread by scanning for devices with Telnet exposed and logging in with a short list of factory-default credentials.
  2. Hajime botnet: Showcased an ability to self-update over a peer-to-peer network and employed brute force against the Telnet service on many routers.
  3. Persirai: Debuted the notion of a self-defending botnet by deleting its own files and residing in memory, and by blocking the same entry point so rival bots could not take over the device.
  4. BrickerBot: Unlike the others, this bot did not build an army. It went after IoT devices with exposed Telnet and default credentials and deliberately bricked them, a permanent denial of service.

So, what does 5G have to do with this? 5G pushes more services to the edge of the network, exposing a wider attack surface than before. Not only will there be more IoT devices, but they will also be more directly reachable from the internet than on previous-generation networks, leaving plenty of opportunities for botnets to attack.

Preying on the Vulnerable

While botnet attacks can strike anyone at any time, some sectors are more exposed than others. Most industries are prone to botnet attacks in the 5G era, but some carry an even bigger target on their backs: health care, smart cities, autonomous vehicles and logistics. Industrial control systems are a particularly attractive target for nation-state attackers.

Each of these sectors stands to benefit substantially from deploying IoT devices, and each has the most at stake should those devices be compromised. Today, the damage caused by IoT attacks ranges from cryptomining, which accounts for most incidents, to disruption of critical infrastructure in some cases.

The health care industry, for example, has long been a favorite target of cyberattackers. Despite firms’ best efforts, threats are rising and attacks succeed more often than ever. In the data center, virtualization and cloud have brought new agility, but security technologies have failed to keep pace with evolving threats. As a result, threats can persist unseen inside the network, giving criminals time to carefully plan the theft of high-value information and medical intellectual property, commit fraud, damage the brand and disrupt revenue.

Because IoT devices have little ability to protect themselves, now, more than ever, is the time for organizations across every vertical to adopt a network-first security approach to stave off these attacks.

Become Threat-Aware

With the proliferation of botnets showing no signs of slowing amidst the imminent rise of IoT devices, it’s crucial organizations adjust their security strategy to keep pace.

In the recent past, many enterprises have moved towards a zero-trust model, de-emphasizing the network perimeter in favor of identity and endpoint controls. This was driven by a more mobile workforce and cloud adoption for enterprise applications. But IoT devices typically cannot run a security agent at all, which puts the burden of securing them squarely back onto the network. Today, organizations rely mostly on segmentation to isolate IoT devices. That is a good first step, but it is not enough by itself: a segment full of compromised cameras with unrestricted egress can still scan the internet and join a DDoS flood. Network devices must be made threat-aware so they can identify attacks, or at least the infected devices behind them.
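What "threat-aware" looks like in practice is a detector that runs over the flow telemetry a switch or router already exports and picks out the devices behaving like the bots listed above. The following is an added example (not code from the article) that flags two such behaviours: Mirai/Hajime-style Telnet scanning (one host opening SYN-only connections to many distinct destinations on ports 23 and 2323 in a short window) and participation in a volumetric flood (many local hosts sending high-packet flows to one destination at once). The flow record layout, the thresholds and the sample traffic are all assumptions constructed for the example.

```python
"""Flag IoT hosts that behave like Mirai-style bots, from flow records.

Added example, not code from the article. Input is a list of flow records
of the kind a NetFlow/IPFIX exporter or a threat-aware switch would produce;
the field layout and the sample data at the bottom are constructed here.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Telnet ports the Mirai family and Hajime probe when hunting for devices
# that still answer to default credentials.
TELNET_PORTS = {23, 2323}


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch (assumed exporter field)
    src: str
    dst: str
    dport: int
    proto: str     # "tcp" or "udp"
    packets: int
    flags: str     # TCP flags seen in the flow, e.g. "S", "SA", "PA"


def detect_scanners(flows: Iterable[Flow], window: float = 60.0,
                    min_targets: int = 20) -> Dict[str, int]:
    """Return {src: distinct_targets} for hosts that open SYN-only flows to
    Telnet ports against at least `min_targets` distinct destinations inside
    any `window`-second span. That fan-out is a scanning bot, not a camera
    talking to its vendor cloud."""
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        if f.proto == "tcp" and f.dport in TELNET_PORTS and f.flags == "S":
            by_src[f.src].append(f)
    hits: Dict[str, int] = {}
    for src, probes in by_src.items():
        probes.sort(key=lambda f: f.ts)
        best, start = 0, 0
        for end in range(len(probes)):
            # Slide the window start forward until the span fits `window` seconds.
            while probes[end].ts - probes[start].ts > window:
                start += 1
            best = max(best, len({f.dst for f in probes[start:end + 1]}))
        if best >= min_targets:
            hits[src] = best
    return hits


def detect_flood_participants(flows: Iterable[Flow], min_sources: int = 5,
                              min_packets: int = 1000) -> Dict[str, List[str]]:
    """Return {dst: [srcs]} for destinations hit by high-volume flows from at
    least `min_sources` distinct local hosts: the signature of devices on our
    own network taking part in a DDoS flood."""
    by_dst: Dict[str, set] = defaultdict(set)
    for f in flows:
        if f.packets >= min_packets:
            by_dst[f.dst].add(f.src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()
            if len(srcs) >= min_sources}


def constructed_flows() -> List[Flow]:
    """Constructed sample traffic for the example (not real telemetry)."""
    flows: List[Flow] = []
    # An infected camera sweeping a /24 for Telnet: 25 SYNs to distinct hosts in 25 s.
    for i in range(25):
        flows.append(Flow(1000.0 + i, "10.20.0.7", f"198.51.100.{i + 1}", 23, "tcp", 1, "S"))
    # A healthy device: a few flows to its vendor cloud and an NTP server.
    flows += [
        Flow(1005.0, "10.20.0.8", "203.0.113.20", 443, "tcp", 40, "PA"),
        Flow(1800.0, "10.20.0.8", "203.0.113.20", 443, "tcp", 38, "PA"),
        Flow(2400.0, "10.20.0.8", "203.0.113.21", 123, "udp", 2, ""),
    ]
    # Six devices flooding one web server at the same moment.
    for k in range(11, 17):
        flows.append(Flow(1200.0, f"10.20.0.{k}", "203.0.113.5", 80, "tcp", 5000, "S"))
    return flows


if __name__ == "__main__":
    sample = constructed_flows()
    print("scanning hosts:", detect_scanners(sample))
    print("flood participants:", detect_flood_participants(sample))
```

Run on the constructed sample, the scanner check names only the sweeping camera (25 distinct Telnet targets inside the window) and the flood check names the six hosts hammering the same web server; the healthy device trips neither. In a real deployment the thresholds would be tuned per segment, and a hit would feed the segmentation layer (quarantine the port or VLAN) rather than just a log line, which is the point of pairing threat awareness with the isolation already in place.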

To take security to the next level, enterprises should implement software-defined, intelligent infrastructure that extends detection and enforcement beyond the firewall, giving a holistic view of the network so threats can be stopped in their tracks. In other words, with a new era of attacks looming right around the corner, organizations must use 100 percent of the network resources to protect 100 percent of the network.
