Industry Trends

IoT Botnets: Are Your Smart Devices Putting You at Risk?

By Toan Trinh | March 11, 2018

We love our technology.

No one can imagine life without their smartphone today. But there’s so much more than this available on the market now. We have wearable technology such as a smart watches, tablets and laptops, voice activated devices such as Amazon Echo or Google Home, and even smart appliances like refigerators, lighting, air-conditioning, entertainment, and security systems. All of these are known collectively as the IoT (the Internet of Things).

While they are increasingly commonplace and designed for convenience, we often don’t realise that they could also be providing cybercriminals with an easy entry point into your network and systems, opening you up for an attack, or be leveraged as part of a larger network of similar compromised devices, known as an IoT botnet, which can be used to knock businesses offline or disrupt critical online services.

Are your smart devices putting you at risk?

The Age of Smart Devices

Most people understand the potential cybersecurity threat to their computers and software, so they take adequate steps to protect them. However, they often forget all about the array of Smart devices connected directly to the same network your computers run on, and which can offer hackers a backdoor into those systems.

While they seem like cutting edge technologies, the truth is that many of today’s smart devices were never designed or set up to protect themselves from a digital attack, and this makes them vulnerable to a variety of threats and malware, including IoT botnets.

What are IoT botnets?

An IoT botnet is a collection of compromised computers, smart appliances, and Internet-connected devices that have been hijacked and can be used for unapproved or even illegal purposes such as denial of service attacks.

FortiGuard Labs just released our latest Quarterly Threat Landscape report for Q4 of 2017, and in it, we found that three of the top twenty attacks in the final few months of 2017 were from IoT botnets.

While botnets have been around for a while, these new IoT botnets are becoming more advanced by targeting many devices at once, and by using new code that allows them to adapt or auto update as new malware becomes available.

The most obvious targets at businesses include devices like Wi-Fi cameras and security systems, providing an easier avenue into a business’ networked environment by allowing a hacker to circumnavigate around normal precautions that may have been taken.

What causes IoT Devices to be vulnerable?

There are two primary reasons why IoT devices are compromised.

The first there is a lack of regulation around IoT security, meaning that many brands are not obligated to consider cyber threats and ways to protect their devices. As a result, they are often designed with trash code, hardcoded passwords and backdoors, and other design flaws that make compromising them rather trivial.

The second is that few of these IoT manufacturers even have a Product Security and Incident Response Team (PSIRT) in place that can respond quickly to new vulnerabilities. So even if a threat is detected, there is no one to report it and not much can be done about it.

How do you protect yourself?

Smart devices and IoT technologies are being deployed everywhere, both in homes and in businesses. They have revolutionised many processes and improved daily conveniences. However, they also pose a risk to your cybersecurity. Even worse, these risks are increasing and tend to be underestimated.

If you have a few of these devices linked up to a network, it’s best to take the time to be prepared. Make sure you have strong authentication set up at access points so you can see and track devices on your network. Keep an inventory of your devices, including manufacturers and software versions so you can quickly identify vulnerable devices when threats are uncovered. And establish network segmentation and microsegmentation strategies to ensure that at risk devices are kept separate from critical production resources.

To find out more about the risks that IoT devices pose to your organization, download our full Quarterly Threat Landscape report for Q4 of 2017.