With every revolution comes the difficulty of ruling. 5G is an exciting proposition. It offers higher speeds, lower latency and increased power. All of these should enable greater possibilities for businesses and consumers.
However, these advancements can come at a cost. In the case of 5G, we are looking at the creation of new threat profiles that were not previously possible. Akin to common colds becoming resistant to antibiotics, the combination of new evolving technologies can cause new advances as well as unexpected mutations. This is very much the situation we find developing between 5G and botnets.
We are all aware of the explosion in internet-enabled devices. Experts predict that the IoT market will grow from an installed base of 11.2 billion devices in 2017 to 20.4 billion devices in 2020. That is a lot of potential entry points for malicious actors. The worry is that 5G is accelerating the proliferation of these unsecured devices into every area of life. The consequences could be the creation of botnets on a scale not yet seen. Add to that the increased speed and reduced latency of a 5G network, and you have something potentially formidable.
IoT and 5G are important technological achievements that are changing the world. However, this optimism needs to be tempered with clear thinking and planning if we want to keep up with the consequent evolution of the threat landscape happening at the same time.
How Botnets Form
Unsecured IoT devices form the foundation of many of today’s most malicious Botnets. Botnet spyware or attacks are often underestimated in the threat landscape because they are ‘dumb’ in nature. Rather than needing to utilize advanced techniques or sophisticated network breaches, building botnets relies on less sophisticated hijacking methods such as scanning open networks for vulnerable devices without proper security certifications, or even worse, those that are still using factory-default passwords.
This is why you are likely to hear talk about the proliferation of IoT devices increasing the attack surface. Given the current scale of IoT adoption and deployment, there are a lot of potential targets, touching nearly every individual and industry. And more targets increases the likelihood of Trojans capable of installing spyware, key loggers, and more spreading across organizations.
The most common form of attack botnets are used for is a distributed denial of service (DDoS) attack, where thousand or millions of devices are used to form a swarm of internet-enabled devices that can simultaneously target specific IPs and overwhelm them.
While most Botnets only use brute force attack methods, the problem is that they are still quite effective at achieving their aim: No network can stand up to millions of bots spamming it at the same time. Consequently, botnets remain a popular and active threat. Just in the last few weeks, for example, security experts have delivered warnings that an IoT botnet has been targeting the financial services sector with DDoS attacks in what they believe is the first such campaign since Mirai. And new variations of the Mirai botnet are still being discovered years after the attack against Dyn servers took down the US East Coast.
Multiplying Power of 5G
Botnets do not require the typical hacker skillset to assemble, and yet can cause widespread disruption by taking advantage of the poor security practices of others. However, there is now a growing cause for concern over the way the availability of 5G networks combined with the ready availability of unsecured IoT devices will empower the malicious botnets of the future.
Unlike previous generations, 5G networks take advantage of virtualization and cloud systems. Experts warn this could perpetuate and broaden existing security flaws in mobile networks, potentially leaving them more vulnerable to breaches if not properly secured. Where this becomes even more concerning is how the extra speed and power provided by a 5G backbone might be utilized by a malicious actor. Hackers are about to be handed much more powerful tools, which means that DDoS attacks are likely to increase in scale and frequency, causing untold disruption to business or critical infrastructure.
This adds to importance of ensuring that IoT devices are not easily co-opted into malicious botnets. Building devices with poor security certifications or easily guessable default passwords is like locking your home’s front door but leaving the keys in the lock. In fact, The European Union Agency for Network and Information Security is so concerned with this pattern than they have advocated slowing down IoT deployments until a greater understanding of the situation can be gained.
The hardest work is to prevent these sorts of exposure in the first place. Behavior change, such as individuals updating their devices with secure passwords, or being discerning about which IoT products they buy based on security factors, is an important and effective remedy which we should strive to accelerate. However, education is not enough, as networks are then only as secure as the least aware user. And now, with 5G coming in the next few years—a schedule which leaves us in a ‘tragedy of the commons’ situation—we simply cannot mobilize a change in peoples’ habits quickly enough.
That is why it is essential we demand a greater focus on security by design from IoT device manufacturers. Manufacturers need to design devices with unique passwords out of the box, or at the very least, not a handful of easily guessable combinations. Introducing tougher security protocols, more secure default passwords, and the ability to patch vulnerable devices will certainly result in a reduction in the number of IoT devices being hijacked for botnet purposes.
On the user side of things, good security design must include an inventory of authorized and unauthorized devices within your environment so you can see what you are protecting; limited user privileges and application permissions to only what is required; and exercising good cyber hygiene, such as removing unnecessary services, stamping out vulnerabilities, and maintaining the organization of your network.