December 5, 2018updated 12 Aug 2019 2:08pm

Rise of the IoT botnet: The problem in securing hundreds of billions of connected devices

By Priya Kantaria

Nokia has discovered a surge in the number of malware botnets within networks over the last two years.

Botnet activity, which is a collection of outsider-controlled devices (bots), on the Internet of Things, the name of the system of electronic devices that connect and share data, now represents 78% of malicious software detections.

It is double the rate of IoT botnet activity detected in 2016 when those attacks started in significant numbers.

Bots now make up 16% of infected IoT devices in 2018, while a year ago, only 3.5% of infected devices were being used as IoT bots.

IoT botnets

Credit: Nokia

5G and larger IoT means more botnets

The danger of malware-infected devices being used as bots is that the attacker can access and control the device, gaining access to private data or using its connection to other devices to build a botnet and take control of other significant devices.

Nokia predicts that botnet malware and other forms of malware used against IoT devices, which can include smart TVs, appliances and cameras, will get worse as consumers accelerate their use of internet-connected equipment, especially with 5G just around the corner.

For example, malware-infected crypto mining is a form of bot activity expected to grow from high-end servers with specialised processors to smartphones and into IoT.

Cybercriminals have smarter tools now to scan for and exploit devices, and they have new tools for spreading malware and bypassing firewalls that cybersecurity experts have to design against.

“The problem with securing hundreds of billions of connected devices is that we must secure hundreds of billions of connected devices.”

Nokia’s Threat Intelligence Lab director Kevin McNamee said: “Cybercriminals are switching gears from the traditional computer and smartphone ecosystems and now targeting the growing number of vulnerable IoT devices that are being deployed.

“You have thousands of IoT device manufacturers wanting to move products fast to market and, unfortunately, security is often an afterthought.”

Cybereason co-founder and chief visionary officer Yossi Naar said: “The problem with securing hundreds of billions of connected devices is that we must secure hundreds of billions of connected devices.

“That may seem obvious and slightly nonsensical, but it is the vast attack surface and the potential complexity of the IoT device security challenge that has us all concerned.”

Infamous botnets since 2016

The Mirai botnet in 2016 was an army of bots based in the US. Attackers scanned the internet for open Telnet ports and then used default passwords to log in and take over routers and IP cameras in the hundreds of thousands.

There was also the Satori IoT malware in 2017 that gave an attacker control over a botnet of 100,000 routers, and, according to Cybereason, the LizardStresser botnet’s creator took over 1,300 internet-enabled cameras to add to an existing botnet of infected machines.

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: