Towards the end of October 2016, a huge cyber attack took down the Internet in many parts of the world. It was caused by a DDoS attack made by an IoT botnet. But what is an IoT botnet, and how can it make such a huge DDoS attack? In this article, we will take a deeper look into that.
What is an IoT botnet?
A botnet is a group of Internet-connected devices controlled by attackers for illicit purposes. It can be used to steal users’ sensitive information, send spam, generate false traffic to malicious websites using click fraud, or launch a DDoS attack to suspend service or an entire network indefinitely.
IoT includes dedicated computers, healthcare devices like cardiac implant monitors, household and industrial appliances, automobiles, mechanical sensors, and other smart appliances. When attackers hack IoT devices to create a botnet and exploit it for malicious purposes, like launching a DDoS attack, the botnet is called an IoT botnet.
To create an IoT botnet, attackers usually infect a group of IoT devices with malware and gain unauthorized access to them. These hacked devices are called zombies. The attackers then create a network of these hacked zombie devices and control them to exploit their computation power for illicit purposes, like making a DDoS attack. (What is a botnet?)
What is a DDoS attack?
A DoS or Denial of Service Attack is an attack perpetrated to make a target machine or network resource unavailable for its intended users. This attack usually suspends the service of a host connected to the Internet temporarily or indefinitely.
DDoS, or Distributed Denial of Service Attack, is a DoS attack in which the attack comes from multiple sources having different IP addresses. It is perpetrated using several source IP addresses. Using IP address spoofing, the attackers normally hide their own IP addresses, making it extremely hard to catch them. (How to protect servers from DoS and DDoS attacks?)
How are IoT botnets used to make DDoS attacks?
A very good example of an IoT botnet is the botnet which affected websites from Twitter to Reddit on October 21, 2016. Attackers used malware named “Mirai” to infect IoT devices and created a huge botnet out of them. The IoT botnet was then used to launch a DDoS attack on the servers of Dyn, which provides a dynamic DNS service named DynDNS.
The attackers first scanned for IoT systems with default usernames and passwords or systems configured with weak credentials. Such IoT systems were then infected with Mirai malware and made part of an IoT botnet. Mirai could break into a wide range of IoT devices, from CCTV cameras to DVRs to other smart home appliances, and turn the devices into bots. Attackers created nearly half a million …
0 Comments