Even before the COVID-19 pandemic made remote work a new norm, McKinsey research predicted that the number of devices connected over the Internet of Things (IoT) would nearly triple between 2018 and 2023.
While that's great news for convenience and efficiency, it could be bad news for cyber security. IoT devices are notoriously vulnerable when neglected, and threat actors are taking advantage. Among the tools at their disposal, the IoT botnet is one to watch out for.
What are botnet attacks?
A portmanteau combining the words "robot" and "network," botnet is the term used for a group of hijacked devices. In a botnet attack, hundreds of devices are loaded with malware and used for malicious activities such as distributed denial of service (DDoS) attacks, spam distribution, or validating credentials for account takeovers.
If your device or network has been taken over by malware that turns it into a zombie (a device that the attacker controls), you'll notice performance issues. For example, you may find you can't access your website, are suddenly bombed with spam and pop-ups, or are dealing with sluggish performance.
IoT isn't the only vector for this style of attack. Because bots can launch thousands of attacks simultaneously, hackers use them to find as many vulnerabilities in as little time as possible. Many of the threat actors are part of crime syndicates or nation-state organizations that are highly sophisticated, and botnets are a popular attack vector because they are inexpensive to launch with a potentially high payout.
The malware Mirai made news in 2016 as the first major botnet to take advantage of IoT devices. Now, according to research from the European Union Agency for Cybersecurity, Mirai variants increased by 57% in 2019; while the original Mirai showed its impact with DDoS attacks, today's attacks are more targeted, with 60% focused on credential stuffing. The 2020 Verizon Data Breach Investigations Report found 103,699 botnet incidents on laptops and desktop computers, primarily targeting the financial, information and professional services industry verticals.
The end game for threat actors is the financial payoff—they are looking for ways to get into your network and gain access to data and valuable assets. Bots are used for spam bombing, often with malware, to collect credentials and other personal information, which is in turn either sold on the dark web or used to gain deeper access into a network. Botnets can take over computers to mine cryptocurrency, benefitting the hacker while slowing down the productivity of the computer's owner.
They are also a risk to critical infrastructure. A nation-state actor could launch an attack against a country's power grid, for example, and shut it down as an act of cyber warfare.