As you plan your defenses against botnet attacks on your organization’s computers and mobile devices, don’t forget to protect your IoT devices as well.
A flood of IoT devices – with little or no built-in security – are now connected to the Internet. Users of these IoT devices may not even have set a password on their device. In October 2016, a botnet comprised of an estimated 100,000 unsecured IoT devices took an integral Internet infrastructure provider, Dyn, partially offline.
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker access to the device and its connection.
Remember that, in today’s world, Internet-connected devices can include everything from CCTV cameras to remote sensors to GPS-enabled devices.
How Botnets Get Into Your Company
There are several ways in which a botnet might initially enter your organization and spread throughout your infrastructure:
- Email – An employee may open a malicious attachment or follow a link to a website containing malware.
- Web-based – Employees may visit an infected website and download the botnet’s malicious software.
- Social networking apps – A user may interact with a messaging app, link to a malicious website, and infect your network.
- IoT – Any connected device is at risk, not just computers and mobile devices; a botnet attacked 25,000 connected CCTV cameras. “The basic issue is that most IoT devices are ‘Things’ that are meant to do a very specific function,” says Deepindher Singh, founder and CEO of IoT manufacturer 75F. “Once set up, we tend to forget that they’re actually connected to the internet or that they’re actually vulnerable to attacks.”
The Effects of a Botnet Attack
Once the botnet is in your organization, it can result in a denial of service, taking your corporate website out of action. Alternatively, botnet attacks can be used to send out a large-scale spam campaign. Significant spam activity slows down your network.
A user might see symptoms of a botnet attack in frequent computer crashes, sluggish performance, high network usage, or the computer fan starting up when the computer is idle.
How to Protect Against Botnets
Here are five ways to help ensure your ‘traditional’ Internet-connected devices and your IoT devices remain secure against botnets:
- Promptly install updates that address vulnerabilities.
- Place primary protection at the gateway, but remember that gateway security may not be enough when mobile users and visitors are connecting inside the gateway. Ensure proper access control and use strong two-factor authentication to protect in these instances.
- Ensure your company security policy covers the use of mobile devices (USB drives, laptops, smartphones) inside your gateway to reduce the risk of infecting network-connected devices.
- Provide education to your employees on safely accessing and downloading content and the importance of not disabling updates of antivirus and operating system software.
- Conduct an audit of the IoT devices in your company, research their security capabilities, and then put these capabilities to good use. Segregate the IoT network behind IoT gateway devices to reduce the exposure to workstations and servers behind an enterprise or industrial firewall that are at risk of compromise.
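The IoT audit in the last item can start as a script run over the device inventory. The following is an added example, not part of the original article: it flags devices with no password set, devices with pending updates, and devices that are not segregated from workstations and servers. The inventory columns, device names and network ranges are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample inventory (not real devices). Column names are assumptions.
INVENTORY_CSV = """name,ip,password_set,pending_updates
lobby-cctv-1,10.20.0.11,yes,0
dock-cctv-2,10.1.4.57,no,3
hvac-sensor-7,10.20.0.42,yes,2
fleet-gps-3,10.20.1.9,no,0
"""

# Assumed network plan: IoT devices belong in the segment behind the IoT
# gateway and never in the workstation/server ranges.
IOT_SEGMENTS = [ipaddress.ip_network("10.20.0.0/23")]
PROTECTED_SEGMENTS = [ipaddress.ip_network("10.1.0.0/16")]


def audit_device(row):
    """Return the list of findings for one inventory row."""
    findings = []
    ip = ipaddress.ip_address(row["ip"])
    if row["password_set"].strip().lower() != "yes":
        findings.append("no password set")
    if int(row["pending_updates"]) > 0:
        findings.append(f"{row['pending_updates']} pending update(s)")
    if any(ip in net for net in PROTECTED_SEGMENTS):
        findings.append("shares a segment with workstations/servers")
    elif not any(ip in net for net in IOT_SEGMENTS):
        findings.append("outside the designated IoT segment")
    return findings


def audit_inventory(csv_text):
    """Map device name -> findings, listing only devices that need action."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_device(row)
        if findings:
            report[row["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV).items():
        print(f"{name}: " + "; ".join(findings))
```

Replace the embedded sample with an export from your own asset inventory and adjust the two segment lists to match your network plan.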
The manufacture and use of IoT devices are expected to grow exponentially over the next few years. Consequently, the problem of IoT-based botnets is also likely to grow. “The problem is that these IoT devices are unsecure and likely to remain that way. The economics of internet security don’t trickle down to the IoT,” says Bruce Schneier.