The Rise of IoT Botnets

Neena Kapur is a 2017 WiSe Cohort Member

Internet of Things (IoT) botnets are a security issue that already surfaced in 2016 and will likely only grow in severity as different actors in the cyber realm leverage the technology for their own purposes. While, at this point, IoT botnets have primarily been used by low-level actors to demonstrate their capabilities or test out the tool, it is only a matter of time before cybercriminals and hacktivist groups adopt the tactic to carry out politically or financially motivated large-scale attacks.


A bot is a computer or internet-connected device that is infected with malware and controlled by a central command-and-control (C2) server. A botnet is the term used for all devices controlled by the C2 server. Botnets can be used to carry out large-scale distributed denial of service (DDoS) attacks against websites, overloading the website with traffic and rendering it unusable. The chain works as follows: a malicious actor targets hundreds of devices with a specific malware; vulnerable devices become infected and come under the control of the C2 server; the C2 server uses the infected devices together to generate large floods of traffic targeting a specific website.


Although botnets composed of IoT devices—internet-connected devices such as home routers, closed-circuit television (CCTV) cameras, and DVRs—are not a new phenomenon, the emergence of what is called the Mirai botnet in late 2016 demonstrated a new scale of DDoS attack that can be launched from this type of botnet. IoT botnets were first publicly reported on in January 2015, and in June 2016 another IoT botnet, likely infected by the same malware as those in 2015, was also identified. These botnets were composed of hundreds of infected IoT devices and launched attacks upwards of 400 Gbps—that is VERY big! However, the Mirai botnet in late 2016 displayed how truly large IoT botnets can become, as botnets created using Mirai malware (which, by the way, has been leaked and is now available as open source) were composed of thousands of devices and launched attacks exceeding 600 Gbps.


The emergence of IoT botnets is a security concern because it gives non-state-sponsored actors, such as cybercriminals or politically motivated actors called “hacktivists,” cyber capabilities with strengths similar to those of state-sponsored actors, who have historically been the most sophisticated actors operating in the cyber realm. Most of the source code for various IoT botnet malware is publicly available, and the “vulnerabilities” in the IoT devices that are exploited to install the malware are hardly vulnerabilities; rather, they come down to negligence on the part of users who do not change the default passwords on the devices. If the passwords are not changed, then the malware can easily target and infect the device by brute force. This means that companies manufacturing targeted IoT devices cannot release uniform fixes to address the issues. Thus, lower-level actors who acquire the source code suddenly have the power to launch large-scale DDoS attacks using only basic infrastructure.
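The login guessing described above leaves a recognizable trail in device authentication logs. The following is an added example, not part of the original article: it flags a source that piles up failed logins against one device inside a short window, and marks the device as likely compromised when a successful login follows the failures. The log format, device names, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (made-up format): timestamp device source_ip user result
SAMPLE_LOG = """\
2017-01-01T11:00:01 cam-01 203.0.113.7 root FAIL
2017-01-01T11:00:02 cam-01 203.0.113.7 admin FAIL
2017-01-01T11:00:03 cam-01 203.0.113.7 support FAIL
2017-01-01T11:00:04 cam-01 203.0.113.7 user FAIL
2017-01-01T11:00:05 cam-01 203.0.113.7 guest OK
2017-01-01T11:05:00 dvr-02 198.51.100.9 admin FAIL
2017-01-01T11:05:30 dvr-02 198.51.100.9 admin OK
2017-01-01T12:00:00 cam-03 203.0.113.7 root FAIL
2017-01-01T12:00:01 cam-03 203.0.113.7 admin FAIL
2017-01-01T12:00:02 cam-03 203.0.113.7 support FAIL
2017-01-01T12:00:03 cam-03 203.0.113.7 user FAIL
2017-01-01T13:00:00 rtr-04 192.0.2.44 admin FAIL
2017-01-01T13:10:00 rtr-04 192.0.2.44 admin FAIL
2017-01-01T13:20:00 rtr-04 192.0.2.44 admin FAIL
2017-01-01T13:30:00 rtr-04 192.0.2.44 admin FAIL
"""

def detect_guessing(log_text, window=timedelta(seconds=60), threshold=4):
    """Return {(device, source): "guessing" | "compromised"}."""
    recent = defaultdict(deque)  # (device, source) -> failure times inside window
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the expected format
        stamp, device, source, _user, result = parts
        try:
            ts = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        key = (device, source)
        fails = recent[key]
        while fails and ts - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold:
                findings.setdefault(key, "guessing")
        elif result == "OK":
            # A success right after a burst of failures means a guess worked.
            if len(fails) >= threshold:
                findings[key] = "compromised"
            fails.clear()
    return findings
```

On the sample, `cam-01` is reported as compromised and `cam-03` as guessing; the single mistyped login on `dvr-02` and the slow, spaced-out failures on `rtr-04` stay below the threshold.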

The use of IoT botnets by cybercriminals or hacktivists increases the number of actors who can carry out large-scale attacks against critical infrastructure, and cybercriminals and hacktivists are often less discriminating in their targets than state-sponsored actors. State-sponsored actors have specific targets, usually for the purpose of cyber espionage. Cybercriminals will likely use IoT botnets for extortion, launching a DDoS attack against “targets of opportunity” until the target either mitigates the attack or pays them to stop, meaning that any vulnerable organization in the public or private sector is fair game. For hacktivists, the targeting is even less discriminating, as they often take down large numbers of websites of organizations they view as opposed to the political cause they are advocating for, which puts private companies supporting critical infrastructure, government organizations, and other high-value organizations at risk.

IoT botnets will likely be a notable cybersecurity concern in the next few decades as different actors with different motivations use them to carry out large-scale attacks. Further, each month more vulnerabilities are identified in various IoT devices, suggesting that in the years to come, additional types of IoT devices will be targets of botnet operators, resulting in stronger, more sophisticated botnet attacks.

1 Comment

  1. This is a wonderful read as we get virtually face to face with this all new form of hackers paradigm cyber attack which seems to be the pioneer behind the WannaCry ransomware attack and the latest Petya cyber attack. Thanks for this nice post!
