As DevSecOps continues to redefine the IT security landscape, security is becoming everyone’s responsibility. That means that staying ahead of the latest cybersecurity threats—such as IoT botnets—should be a priority for every DevOps professional.
To help you do that, this article discusses strategies for combating IoT botnets.
Botnets are nothing new. For decades, attackers have been taking over other people’s computers or servers and using them to send spam, execute DDoS attacks and perform other nefarious acts.
However, the advent of the Internet of Things (IoT) has given rise to a new type of botnet—one that is composed not of compromised PCs and servers, but IoT devices.
It’s easy to understand why IoT botnets pose a serious cybersecurity challenge. For one, there are many more IoT devices out there for attackers to take over: Gartner predicts that there will be more than 8 billion IoT devices in 2020, compared to only about 2 billion PCs.
A second challenge is that IoT devices often control critical functionality. The threat from a traditional botnet is limited mostly to overloading websites and filling email inboxes with spam. In contrast, an IoT botnet composed of (as an example) smart traffic lights could be used to shut down a city’s traffic signaling system, causing a great deal of real-world chaos.
Finally, because some IoT botnets include devices like cameras and microphones, they create particularly challenging data privacy threats. They could steal intellectual property and terrify consumers by collecting private information about them.
The challenge is clear. What’s the solution?
At a basic level, of course, it involves designing and implementing secure IoT hardware and software. But if your organization is deploying IoT devices today, you may not have much control over built-in security features. In that position, the best you can do is assume that your IoT devices are inherently insecure, then take steps to mitigate the risk of their becoming part of an IoT botnet, as well as to minimize the damage they can cause if they do.
The following strategies can help you do this.
Not all IoT devices need to be connected to the public Internet. If your company is a retailer and deploys IoT sensors to help manage inventory, for example, you can probably connect those sensors to internal applications without exposing them to the Internet.
Whenever you can prevent or limit IoT network exposure, do so. This will greatly reduce the risk that your devices will end up on an IoT botnet, since intruders would have to find a way into internal networks before they could take over devices.
It should go without saying that keeping IoT software up-to-date is crucial for preventing IoT device breaches. However, given that IoT devices are often not handled by the automatic update tools and workflows that most organizations have in place to manage patches for more traditional types of infrastructure, it can be easy to forget about IoT software updates.
Although there is not yet a good universal update management solution for the IoT, your device vendor may provide one that supports your IoT infrastructure. And even if you have to do updates manually, it’s worth the time and pain to do them. Preventing an IoT botnet is a lot easier than combating one after the fact.
In the technology world, we tend to believe that more is always better. And that’s often true. If your servers have more memory and disk space than they need at the time that you create them, the extra capacity will probably come in handy down the road. Similarly, users tend to want applications that offer lots of features.
But when it comes to IoT devices, more functionality is not always better—it’s a potential security risk. If your IoT devices don’t need cameras, don’t buy IoT devices with cameras (or disable the cameras in firmware if you can). If they don’t need microphones, do the same. Every unnecessary hardware component or software feature creates an additional potential attack vector, as well as another potential way for attackers to do something harmful with an IoT botnet.
The types and volume of log data generated by IoT devices vary widely depending on the devices you use. So do the methods for analyzing IoT logs.
In most cases, however, your IoT devices will generate at least some kind of log data. Aggregating and analyzing these logs is one way to detect unusual activity that might signal a security breach or IoT botnet.
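One way to put this log-analysis advice into practice, as an added example that is not from the article or any vendor tool: a small Python detector that parses constructed, syslog-style connection records from the inventory sensors mentioned earlier and flags devices that deviate from an assumed baseline (the sensors should only talk to an internal server on port 443, and the internal network is 10.0.0.0/8). The record format, device names, network and port baseline are all assumptions for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records in a syslog-like format; not output of any real device.
SAMPLE_LOGS = """\
2023-05-01T10:00:01Z sensor-01 conn dst=10.0.5.20 dport=443 bytes=812
2023-05-01T10:00:02Z sensor-02 conn dst=10.0.5.20 dport=443 bytes=790
2023-05-01T10:00:05Z sensor-01 conn dst=10.0.5.20 dport=443 bytes=801
2023-05-01T10:01:10Z sensor-02 conn dst=198.51.100.7 dport=23 bytes=64
2023-05-01T10:01:11Z sensor-02 conn dst=198.51.100.8 dport=23 bytes=64
2023-05-01T10:01:12Z sensor-02 conn dst=198.51.100.9 dport=23 bytes=64
2023-05-01T10:01:13Z sensor-02 conn dst=203.0.113.4 dport=23 bytes=64
2023-05-01T10:01:14Z sensor-02 conn dst=203.0.113.5 dport=2323 bytes=64
this line is malformed and must be skipped, not crash the parser
2023-05-01T10:02:00Z sensor-01 conn dst=10.0.5.20 dport=443 bytes=805
"""
# Assumed baseline (hypothetical): sensors talk only to an internal service on 443, internal net 10.0.0.0/8.
INTERNAL_NET = ip_network("10.0.0.0/8")
EXPECTED_PORTS = {443}

LINE_RE = re.compile(r"^\S+ (?P<dev>\S+) conn dst=(?P<dst>\S+) dport=(?P<port>\d+) bytes=\d+$")

def parse_lines(text):
    """Yield (device, destination IP, destination port) for each well-formed record."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip records that do not match the expected format
            yield m.group("dev"), m.group("dst"), int(m.group("port"))

def find_suspicious_devices(text, max_external_hosts=2):
    """Return {device: [reasons]} for devices whose connections deviate from the baseline."""
    external = defaultdict(set)   # device -> external destination IPs contacted
    odd_ports = defaultdict(set)  # device -> destination ports outside the baseline
    for dev, dst, port in parse_lines(text):
        if ip_address(dst) not in INTERNAL_NET:
            external[dev].add(dst)
        if port not in EXPECTED_PORTS:
            odd_ports[dev].add(port)
    findings = {}
    for dev in sorted(set(external) | set(odd_ports)):
        reasons = []
        if len(external[dev]) > max_external_hosts:  # many-host fan-out is out of profile for a sensor
            reasons.append(f"fan-out to {len(external[dev])} external hosts")
        if odd_ports[dev]:
            reasons.append("unexpected ports: " + ", ".join(map(str, sorted(odd_ports[dev]))))
        if reasons:
            findings[dev] = reasons
    return findings
```

In a real deployment the baseline would come from the device's documented behaviour or from a learning period, and the findings would be forwarded to whatever log aggregation or alerting system you already run.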
IoT botnets are a cybersecurity threat that is not likely to disappear anytime soon. On the contrary, as the number of IoT devices continues to grow, the threat will grow with it.
In a perfect world, IoT designers and programmers would write bug-free code that makes devices immune to security threats. But in the real world, there are steps DevOps engineers can take to minimize the risk that the devices they manage will end up on an IoT botnet.