IoT Botnets and DDoS Attacks: Architecting Against Disaster

IoT networks can both amplify and be the targets of distributed denial of service (DDoS) or botnet attacks. Architect resilient solutions to properly secure your devices.

Illustration: © IoT For All

Cybercriminals have many different ways of exploiting network vulnerabilities and weak spots in our cyber defenses. Considering that the number of devices we use on a daily basis is growing, more avenues of exploitation will be open to cybercriminals — unless we close those pathways.

Distributed Denial of Service, or “DDoS,” attacks on IoT networks via botnets have been especially alarming and difficult to counter. Let’s have a closer look at DDoS attacks, botnets and ways of protecting against them.


The Anatomy of a DDoS Attack

A simple principle governs a “denial-of-service” attack: attackers attempt to deny service to legitimate users. Some typical examples might include attackers overwhelming a server or cluster with requests, disrupting everyone’s access to the site or focusing the attack on a particular target who will be denied access.

With DDoS, the attacker usually has one of three goals:

  1. To cause destruction or destructive change to network components
  2. To destroy configuration information
  3. To consume non-renewable or limited resources

DDoS attacks can be performed on their own or as part of a larger attack on an organization. They usually target bandwidth or processing resources like memory and CPU cycles. However, the type of DDoS attack in which we often see IoT devices used is the botnet attack.

What Makes a Botnet Attack So Destructive?

A botnet is a group of connected computers that work together to perform repetitive tasks, and it doesn’t necessarily have a malicious purpose. Unfortunately, it’s possible for an attacker to take control of a botnet by infecting a vulnerable device with malware. They can then use the whole group of devices to perform DDoS attacks that can be much more dangerous, depending on the number of machines involved. What’s more, since IoT devices often interact with the physical world in ways that other IT devices don’t, it’s difficult to monitor and safeguard them.

If we strive to protect IoT devices the same way we protect our conventional IT devices, there will invariably be faults in the system that cybercriminals might exploit. To eliminate vulnerabilities, we must think of IoT protection in its own terms and take into account the various types of IoT use when we do.

Defending Against an IoT Botnet Attack

Even though the threat of botnets can’t be wholly eradicated, there are still ways to limit the impact and scope of these attacks by taking preventative actions. One of them is placing IoT devices on a segmented network protected from external traffic. It’s also crucial to monitor the systems and invest in developing intrusion detection processes, which go a long way toward warning a user that the system is being compromised.
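A minimal form of the segmentation-plus-monitoring idea above, as an added example that is not part of the original article: it checks flow records from an IoT segment against an egress allowlist and a per-device rate ceiling. The segment range, allowlist, thresholds and flow records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the article): the IoT segment, the only
# destinations its devices should reach, and ceilings for a sensor-class device.
IOT_SEGMENT = ip_network("10.20.0.0/24")
ALLOWED_EGRESS = [IOT_SEGMENT, ip_network("192.0.2.10/32")]  # segment + cloud broker
MAX_PPS = 50         # packets per second per device
MAX_OFF_POLICY = 5   # distinct off-policy destinations per window

# Constructed flow records: (window_start_s, src, dst, packets), 10 s windows.
FLOWS = [
    (0, "10.20.0.11", "192.0.2.10", 20),      # normal telemetry
    (0, "10.20.0.12", "192.0.2.10", 20),      # normal, then ...
    (10, "10.20.0.12", "198.51.100.7", 9000), # ... a flood to an unknown host
    (0, "10.30.0.5", "198.51.100.7", 9000),   # not an IoT device: ignored here
] + [(0, "10.20.0.13", f"203.0.113.{i}", 1) for i in range(1, 9)]  # wide fan-out


def flag_devices(flows, window_s=10):
    """Return {device_ip: [reasons]} for IoT devices that break the policy."""
    stats = defaultdict(lambda: {"packets": 0, "off_policy": set()})
    for start, src, dst, packets in flows:
        if ip_address(src) not in IOT_SEGMENT:
            continue
        window = stats[(start, src)]
        window["packets"] += packets
        if not any(ip_address(dst) in net for net in ALLOWED_EGRESS):
            window["off_policy"].add(dst)

    alerts = defaultdict(set)
    for (_, src), window in sorted(stats.items()):
        if window["packets"] / window_s > MAX_PPS:
            alerts[src].add("rate")            # traffic volume unlike a sensor
        if window["off_policy"]:
            alerts[src].add("egress-policy")   # segmentation rule was bypassed
        if len(window["off_policy"]) > MAX_OFF_POLICY:
            alerts[src].add("fan-out")         # contacting many unknown hosts
    return {src: sorted(reasons) for src, reasons in alerts.items()}


if __name__ == "__main__":
    for device, reasons in flag_devices(FLOWS).items():
        print(device, reasons)
```

Any "egress-policy" alert also means the segment's firewall rules allowed traffic they should have dropped, so it is worth treating as a segmentation finding as well as a device finding.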

How can each layer of your IoT solution stack be architected not to trust any other part naively? Think about that as you design your solution. Find ways to make your network more resilient. Model botnet attacks and test disaster scenario responses.

In addition to network segmentation and testing, we also shouldn’t forget fundamental security measures, such as timely firmware and software patching and the ability to control who can access a particular device, which every IoT solution should take care of.

The Search for a One-Size-Fits-All Security Solution

IoT is a developing technology that we must make as secure as possible, tempering its frenetic evolution with necessary security protocols and standards. Considering how quickly it’s being woven into our everyday lives, businesses and homes, IoT developers, manufacturers, distributors and consumers must work together to eliminate common IoT vulnerabilities and ensure that each device is as secure as it can be from emerging threats.

Roland Atoui
Roland Atoui is an expert in cybersecurity and the Internet of Things (IoT), with recognized achievements working for companies such as Gemalto and Oracle and a background in both research and industry. From smart cards to smartphones to IoT technologies, Roland is a new technology enthusiast with a current mission to bring trust to the IoT. After following an Executive MBA education at EDHEC business school in France, he founded Red Alert Labs, an IoT security firm addressing both technical and commercial cybersecurity challenges in IoT.