Botnets have long been known as the workhorses of the Internet. You have almost certainly been using them, as groups of connected computers, to speed up the many repetitive tasks that keep your websites running.
A lot of businesses use them in connection with Internet Relay Chat. Undoubtedly, when used in this manner, botnets are absolutely legal and overwhelmingly beneficial to maintaining a smooth user experience on the Internet.
The story is, however, changing, and devastatingly so. Botnets are now being devised to gain access to your machine through a piece of malicious code. The result in this scenario is that your machine is directly hacked.
When this is not the case, a “spider” (a program that crawls the Internet looking for holes in security to exploit) is made to do the hacking automatically. This is a very serious situation that you need to take care of.
Taking into consideration that the internet of things (IoT) will mark the next major revolution for mankind, it becomes of utmost importance that we don’t allow anything that will jeopardize the lives of the greater majority of people. Figures from Statista say that there will be 31 billion devices connected to the internet by 2025, and Gartner predicts that the average family home will have 500 smart devices by 2022.
Along the same line, IDC claims that spending on the IoT will reach $745bn in 2019. All these statistics should make you cautious about the malicious uses of such devices.
Botnet attacks have reached the point where you must take drastic action to mitigate them. CenturyLink Threat Research Lab reports an estimated 195,000 such attacks taking place every day, and Accenture puts the average cost at $390,752.
As you continue to expand the IoT ecosystem and its applications, you are unwittingly creating more potential access points and weak spots that need to be mitigated. So the question is, how do you go about the mitigation?
Steven Furnell, senior IEEE member and professor of information security at Plymouth University, says, “Devices have shipped either without security, without it enabled, or with universal defaults – all of which render them vulnerable to misuse, including the potential for enlistment within botnets.
“Moving forward, the fundamental point is that IoT devices need to have security available and we cannot leave it to individual users’ discretion about whether to enable it. There have been some positive moves. Last year, the Department for Digital, Culture, Media, and Sport and the National Cyber Security Centre issued a code of practice for the security of consumer IoT devices.”
“This proposes a set of 13 practices that developers, manufacturers, and retailers could adopt to improve security, with the first of these being the elimination of universal defaults for usernames and passwords.”
How do you crack down on botnets?
There is no one-size-fits-all solution for mitigating the risk of botnets, but there are a number of helpful best practices you can put in place. Whenever you deploy an IoT device of any type, the three most important questions to keep in mind are:
1. Have you configured strong credential access?
2. What is your update strategy for firmware changes?
3. What URLs and IP addresses does the device need for its operation?
When you deploy IoT devices within your business environment, global best practice is to place them on a VLAN, that is, a separate network segment. This enables your IT teams to distinguish known traffic from unexpected traffic reaching your devices at any given time.
You will then be able to block the unexpected traffic and ensure that you are dealing only with network traffic originating from known locations, thereby sidelining malicious botnets. You can’t stop after discovering strange traffic once; regular IT audits of IoT networks are essential.
This practice ensures that, over time, only known devices remain on the segment, and each identified device can then be mapped back to an asset inventory containing a current list of firmware versions and the open-source components used within that firmware.
Maintaining such an open-source inventory lets you learn quickly when a vulnerability is published for a library used within the firmware. With this steady flow of information, you can put in place a proactive update and patching model for your corporate IoT devices.
Another thing you gain from regular inspection of the firmware is the identification of which external APIs (application programming interfaces), URLs, and services the firmware is configured to operate against. You can then confirm with the supplier that these endpoints are legitimate and what their function is.
That confirmation puts you in a good position to define firewall restrictions for the IoT network the device is on, allowing the IoT devices access only to their known API dependencies. The task may seem burdensome, but you are only taking the right steps toward safety, consistent with the principles of zero trust.
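The deployment practices above (an asset inventory keyed to firmware and open-source components, a watch on published vulnerabilities, a per-device allowlist of confirmed endpoints, and a regular audit of traffic on the IoT segment) fit together in a small script. The following is an added example written for this article, not code from any vendor or project named here; every device name, IP address, version, advisory reference, hostname and flow record in it is a constructed placeholder.

```python
"""Added example: an IoT asset inventory that records each device's firmware version and
bundled open-source components, cross-checks them against a vulnerability feed, derives a
per-device egress allowlist from supplier-confirmed API dependencies, and audits flow
records for traffic the inventory does not explain. All values are constructed."""
from dataclasses import dataclass


@dataclass
class Device:
    name: str
    ip: str            # address on the dedicated IoT VLAN
    firmware: str      # currently installed firmware version
    components: dict   # open-source library -> version bundled in the firmware
    dependencies: set  # supplier-confirmed (host, port) endpoints the device needs


# Constructed vulnerability feed: (library, affected versions, advisory reference).
VULN_FEED = [
    ("busybox", {"1.30.1", "1.31.0"}, "ADVISORY-PLACEHOLDER-1"),
    ("openssl", {"1.0.2u"}, "ADVISORY-PLACEHOLDER-2"),
]

# Constructed inventory for the IoT VLAN.
INVENTORY = [
    Device("cam-lobby-01", "10.50.0.11", "2.3.1",
           {"busybox": "1.30.1", "openssl": "1.1.1k"},
           {("updates.vendor-a.example", 443), ("api.vendor-a.example", 443)}),
    Device("thermostat-07", "10.50.0.12", "5.0.0",
           {"busybox": "1.33.0", "openssl": "1.0.2u"},
           {("cloud.vendor-b.example", 8883)}),
    Device("sensor-09", "10.50.0.13", "1.0.4",
           {"busybox": "1.33.0"},
           {("cloud.vendor-b.example", 8883)}),
]


def vulnerable_components(device):
    """Return (library, version, advisory) for each bundled component listed in the feed."""
    return [(lib, ver, advisory)
            for lib, ver in device.components.items()
            for feed_lib, affected, advisory in VULN_FEED
            if lib == feed_lib and ver in affected]


def patch_queue(inventory):
    """Map device name -> advisories that make a firmware update necessary."""
    queue = {}
    for device in inventory:
        hits = vulnerable_components(device)
        if hits:
            queue[device.name] = hits
    return queue


def egress_rules(device):
    """Firewall allowlist for one device: its confirmed dependencies, then deny all else."""
    rules = [f"allow {device.ip} -> {host}:{port}"
             for host, port in sorted(device.dependencies)]
    rules.append(f"deny {device.ip} -> any")
    return rules


def audit_flows(inventory, flows):
    """Return flows the inventory does not explain: an unregistered source on the VLAN,
    or a known device reaching an endpoint outside its confirmed dependency list."""
    by_ip = {d.ip: d for d in inventory}
    findings = []
    for src, host, port in flows:
        device = by_ip.get(src)
        if device is None:
            findings.append((src, host, port, "unknown source on IoT VLAN"))
        elif (host, port) not in device.dependencies:
            findings.append((src, host, port, f"{device.name} outside allowlist"))
    return findings


if __name__ == "__main__":
    # Constructed flow records: (source IP, destination host, destination port).
    flows = [
        ("10.50.0.11", "api.vendor-a.example", 443),
        ("10.50.0.12", "203.0.113.77", 6667),  # TEST-NET address, not a dependency
        ("10.50.0.99", "cloud.vendor-b.example", 8883),
    ]
    print(patch_queue(INVENTORY))
    for rule in egress_rules(INVENTORY[0]):
        print(rule)
    for finding in audit_flows(INVENTORY, flows):
        print(finding)
```

The inventory is the pivot for all three checks: the patch queue answers the firmware update question, the egress rules answer the URL and IP address question, and the flow audit turns the periodic IoT network audit into something that runs against exported flow logs rather than by hand.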
Spencer Young, regional vice-president for Europe, the Middle East, and Africa at security firm Imperva, says the best way to discover and mitigate botnets is to find their command and control (CnC) server. “The most effective way is to look into the communication between the CnC and its bots,” he says.
“Once you start searching for exploit attempts, you can start to pick up possible indicators of botnets. For example, if the same IPs attack the same sites at the same time while simultaneously using the same payloads and attack pattern, it is fairly likely that they’re part of the same botnet.”
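The indicator Young describes, several sources hitting the same target with the same request pattern inside a short time window, can be checked with a simple correlation pass over web server logs. The following is an added example for this article, not code from Imperva or any other party quoted here; the log lines are constructed in combined log format, the IP addresses come from RFC 5737 documentation ranges, and the request paths and user agent are placeholders rather than real exploit strings.

```python
"""Added example: group web access-log entries by (method, path, user agent) inside a
fixed time window and flag patterns that arrive from several distinct sources at once,
the coordinated-source indicator described in the text. Sample data is constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines: three sources repeat one pattern within seconds,
# one unrelated visitor, and one lone repeat much later.
SAMPLE_LOG = """\
198.51.100.10 - - [10/Oct/2019:13:55:36 +0000] "POST /login HTTP/1.1" 401 512 "-" "probe-agent/1.0"
198.51.100.11 - - [10/Oct/2019:13:55:37 +0000] "POST /login HTTP/1.1" 401 512 "-" "probe-agent/1.0"
203.0.113.5 - - [10/Oct/2019:13:55:38 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.12 - - [10/Oct/2019:13:55:39 +0000] "POST /login HTTP/1.1" 401 512 "-" "probe-agent/1.0"
198.51.100.10 - - [10/Oct/2019:14:30:00 +0000] "POST /login HTTP/1.1" 401 512 "-" "probe-agent/1.0"
"""


def parse_line(line):
    """Parse one log line into source, epoch seconds, and the request pattern; None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m["ip"],
        "epoch": int(ts.timestamp()),
        "pattern": (m["method"], m["path"], m["ua"]),
        "status": int(m["status"]),
    }


def correlate(lines, window=60, min_sources=3):
    """Return patterns seen from at least `min_sources` distinct IPs within one window.

    Each hit carries the pattern, the window start (epoch seconds) and the sorted
    source list, which is what an analyst would pivot on to look for a common
    controller behind the sources."""
    buckets = defaultdict(set)  # (pattern, window index) -> set of source IPs
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        buckets[(rec["pattern"], rec["epoch"] // window)].add(rec["ip"])
    hits = []
    for (pattern, idx), ips in sorted(buckets.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if len(ips) >= min_sources:
            hits.append({"pattern": pattern, "window_start": idx * window, "sources": sorted(ips)})
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG.splitlines()):
        print(hit)
```

The window and source threshold are the tuning knobs: a short window with a low threshold surfaces small coordinated bursts but also catches shared NAT gateways, so in practice the flagged source sets are a starting point for investigation rather than a verdict.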
You mustn’t see investing in the ability to parse your cyber threatscape, identify botnet attacks, and build an intelligent defense as just a security concern. You should see it as the soul of your business and a frontline business issue.
You can be certain that the threat from botnets will only increase as the connected ecosystem keeps expanding and new connected technologies enter the market. Even where the attackers often seem a few steps ahead, a proactive security team can gain an edge on occasion.