Botnets - a threat to the future of the Internet of things

If you follow the news from the technology world, you've obviously heard many times about the Internet of things (Internet of Things or IoT). With the proliferation of smart home devices - from lighting devices to thermostats and cameras, and the use of other smart solutions in enterprises, the spread of IoT and the problems associated with it, it's becoming increasingly difficult to ignore. When you think about DDoS-attacks, then computers and servers infected with malicious programs and viruses that are controlled by a secret and anonymous server come to mind. However, the largest botnets and associated DDoS attacks that appear recently do not always spread through infected computers, servers or smartphones. Hackers found that it is much easier to compromise a vulnerable IoT device than to try to force a user to click on a malicious link or download an infected file.

Mirai and the later Persirai botnet consisted almost entirely of compromised IoT devices that used the popular built-in Linux BusyBox distribution. These botnets were created using self-replicating malware that, after infection, scanned the Internet in search of other vulnerable devices. These botnets were not built overnight - the data show that over time scanning speeds up, without any attacks right after that. This pattern of infection leads to the fact that the IP addresses of infected Iot devices or Thingbot are removed from many black lists of ISPs and threats.
Updating the firmware of the device is often difficult (or impossible in principle) if the manufacturer is not actively engaged in the release of updates and patches. While a server or laptop with a popular operating system is easily updated, Thingbot has tightly controlled update mechanisms (if any). Trying to update the embedded Linux Busy Box yourself can easily disable the IoT device, since the relationship between the hardware and software is generally strong enough.
To ensure that your home or corporate IoT devices do not become the next victims of viruses, follow these simple steps:

• Know what's on your network. Inventory devices.
• Look for reliable IoT providers (for example, avoid buying security cameras connected to the Internet).
• Disable UPnP in routers at home or in the office.
• Do not use port forwarding or any other ACL firewall.
• Never use the default username and password combination.

A few tips for businesses:

• Monitor outgoing traffic, paying attention to any traffic from IoT-devices.
• Know the firmware versions of the devices used.
• Enable two-factor authentication in addition to other access controls.
• Use advanced WiFi security protocols to authenticate terminals where possible.
• Demand improved security features and default settings from IoT enterprise solution providers.

With the increasing number of DDoS attacks aimed at destroying the infrastructure of enterprises and service providers, it is imperative that each of us do everything possible to ensure the security of all existing Thingbot in our supported networks. Secure Internet is the responsibility of everyone, and it's easy to take on, observing simple security measures.