IoT & the Rise of Botnet Attacks

Before reading this article, take a minute to count all the devices that you own, from mobile devices (cell phones, tablets, etc.) to smart-home connected electronics (routers, wireless printers, smart speakers, refrigerators, washing machines, etc.). Do we really need that many devices? For the sake of “convenience” and laziness, we are enabling cyber attackers to use our devices to take down a system (DDoS attacks), making us part of that crime ring without our intent or knowledge.

The Internet of Things (IoT) describes the network of physical objects—“things”—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet. There's an incredibly broad range of ‘things’ that fall under the IoT umbrella: Internet-connected ‘smart’ versions of traditional appliances such as refrigerators and light bulbs; gadgets that could only exist in an internet-enabled world such as Alexa-style digital assistants; and internet-enabled sensors that are transforming factories, healthcare, transportation, distribution centers and farms.

The IoT brings internet connectivity, data processing and analytics to the world of physical objects. For consumers, this means interacting with the global information network without the intermediary of a keyboard and screen. In enterprise settings, IoT can bring the same efficiencies to manufacturing processes and distribution systems that the internet has long delivered to knowledge work. Billions of embedded internet-enabled sensors worldwide provide an incredibly rich set of data that companies can use to improve the safety of their operations, track assets and reduce manual processes.

Data from machines can be used to predict whether equipment will break down, giving manufacturers advance warning to prevent long stretches of downtime. Researchers can also use IoT devices to gather data about customer preferences and behavior, though that can have serious implications for privacy and security.

So, how big is IoT?

There were more than 50 billion IoT devices in 2020, and those devices generated 4.4 zettabytes of data. (A zettabyte is a trillion gigabytes.) By comparison, in 2013 IoT devices generated a mere 100 billion gigabytes. The amount of money to be made in the IoT market is similarly staggering; estimates of the value of the market in 2025 range from $1.6 trillion to $14.4 trillion.

In its Global IoT Market Forecast, IoT Analytics Research predicts there will be 27 billion active IoT connections (excluding PCs, workstations, telephones, cellphones, and tablets) by 2025. However, the company lowered its forecast because of the ongoing chip shortage, which it expects to affect the number of connected IoT devices beyond 2023.

What are IoT applications?

Business-ready SaaS IoT Applications

IoT Intelligent Applications are prebuilt software-as-a-service (SaaS) applications that can analyze and present captured IoT sensor data to business users through dashboards.

IoT applications use AI algorithms to analyze massive amounts of connected sensor data in the cloud. Using real-time IoT dashboards and alerts, you gain visibility into key performance indicators, statistics for mean time between failures, and other information. AI-based algorithms can identify equipment anomalies, send alerts to users, and even trigger automated fixes or proactive countermeasures. With cloud-based IoT applications, business users can quickly enhance existing processes for supply chains, customer service, HR, and financial services. There is no need to recreate entire business processes.

Some other applications are in:

  1. Manufacturing Industry – Product Monitoring
  2. Tracking of Physical Assets
  3. Human wearables – health monitoring
  4. Geo-tagging & environmental conditions etc.

As we can see, IoT covers a vast area across manufacturing, automotive, transport & logistics, retail, healthcare and so on, and most business decisions in these areas depend on this technology.

IoT security and vulnerabilities

IoT devices have earned a bad reputation when it comes to security. Laptops and cell phones are "general use" computers designed to last for years, with complex, user-friendly OSes that now have automated patching and security features built in. IoT devices, by contrast, are often basic gadgets with stripped-down OSes. They are designed for individual tasks and minimal human interaction, and can't be patched, monitored, or updated. Because many IoT devices are ultimately running a version of Linux under the hood with various network ports available, they make tempting targets for hackers.

Perhaps nothing demonstrated this more than the Mirai botnet, which was created by a teenager telnetting into home security cameras and baby monitors that had easy-to-guess default passwords, and which ended up launching one of history's largest DDoS attacks.

Coming to Bots/Botnet Attacks:

A bot is a software program that performs an automated task. These tasks are usually repetitive and run without interaction. Bots make up 38% of all internet traffic, with bad bots generating one in five website requests. Bad bots perform malicious tasks that allow an attacker to remotely take control over an affected computer. Once infected, these machines may also be referred to as zombies. These days, bad bots are big business, with cybercriminals around the world using them to fraudulently access accounts, attack networks, and steal data.

There are many types of malware that infect end-user devices, with the objective of enlisting them into a botnet. Any device that becomes infected starts communicating with a Command and Control (C&C) center and can perform automated activities under the attacker’s central control.

Many threat actors are actively engaged in building massive botnets, with the biggest ones spanning millions of computers. Often, the botnet can grow itself, for example by using infected devices to send out spam emails, which can infect more machines.

Botnet owners use them for large-scale malicious activity, commonly Distributed Denial of Service (DDoS) attacks. Botnets can also be used for any other malicious bot activity, such as spam bots or social bots.

Types of Bots:

There are many types of bots active on the Internet, both legitimate and malicious. Below are several common examples.

Spider Bots

Spider bots, also known as web spiders or crawlers, browse the web by following hyperlinks, with the objective of retrieving and indexing web content. Spiders download HTML and other resources, such as CSS, JavaScript, and images, and use them to process site content.

If you have many web pages, you can place a robots.txt file in the root of your web server, and provide instructions to bots, specifying which parts of your site they can crawl, and how frequently.

Scraper Bots

Scrapers are bots that read data from websites with the objective of saving them offline and enabling their reuse. This may take the form of scraping the entire content of web pages or scraping web content to obtain specific data points, such as names and prices of products on eCommerce sites.

Web scraping is a gray area: in some cases, scraping is legitimate and may be permitted by website owners. In other cases, bot operators may be violating website terms of use or, worse, leveraging scraping to steal sensitive or copyrighted content.

Spam Bots

A spambot is an Internet application designed to gather email addresses for spam mailing lists. A spam bot can gather emails from websites, social media websites, businesses and organizations, leveraging the distinctive format of email addresses.

After attackers have amassed a large list of email addresses, they can use them not only to send spam email, but also for other nefarious purposes:

Credential cracking—pairing emails with common passwords to gain unauthorized access to accounts.

Apart from the direct damage caused to end-users and organizations affected by spam campaigns, spam bots can also choke server bandwidth and increase costs for Internet Service Providers (ISPs).

Social Media Bots

Bots are operated on social media networks, and used to automatically generate messages, advocate ideas, act as a follower of users, and as fake accounts to gain followers themselves. It is estimated that 9-15% of Twitter accounts are social bots.

Social bots can be used to infiltrate groups of people and used to propagate specific ideas. Since there is no strict regulation governing their activity, social bots play a major role in online public opinion.

Social bots can create fake accounts (although this is becoming more difficult as social networks become more sophisticated), amplify the bot operator’s message, and generate fake followers/likes. It is difficult to identify and mitigate social bots, because they can exhibit very similar behavior to that of real users.

Download Bots

Download bots are automated programs that can be used to automatically download software or mobile apps. They can be used to influence download statistics, for example to gain more downloads on popular app stores and help new apps get to the top of the charts. They can also be used to attack download sites, creating fake downloads as part of an application-layer Denial of Service (DoS) attack.

Ticketing Bots

Ticketing Bots are an automated way to purchase tickets to popular events, with the aim of reselling those tickets for a profit. This activity is illegal in many countries, and even if not prohibited by law, it is an annoyance to event organizers, ticket sellers and consumers.

Ticketing bots tend to be very sophisticated, emulating the same behaviors as human ticket buyers. In many ticketing domains, the proportion of tickets purchased by automated bots ranges between 40-95%.

How To Detect Bot Traffic in Web Analytics?

Following are a few parameters you can use in a manual check of your web analytics, to detect bot traffic hitting a website:

  1. Traffic trends—abnormal spikes in traffic might indicate bots hitting the site. This is particularly true if the traffic occurs during odd hours.
  2. Bounce rate—abnormal highs or lows may be a sign of bad bots. For example, bots that hit a specific page on the site and then switch IP will appear to have 100% bounce.
  3. Traffic sources—during a malicious attack, the primary channel sending traffic is “direct” traffic and the traffic will consist of new users and sessions.
  4. Server performance—a slowdown in server performance may be a sign of bots.
  5. Suspicious IPs/geo-locations—an increase in activity to an unknown IP range or a region you do not do business in.
  6. Suspicious hits from single IPs—a big number of hits from a single IP. Humans typically request a few pages and not others, whereas bots will often request all pages.
  7. Language sources—seeing hits from other languages your customers do not typically use.

All of the criteria discussed above are only rough indicators of bot activity. Be aware that sophisticated malicious bots can generate a realistic, user-like signature in your web analytics. It is advisable to use a dedicated bot management solution that provides full visibility of bot traffic.
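Several of the indicators above (hits from a single IP, requests for every page, direct traffic, odd hours) can be checked directly against a web server access log. The following is an added example, not part of the original article; the log lines, site map, thresholds and the `score_clients` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[\d+/\w+/\d+:(?P<hour>\d\d):[^\]]+\] '
    r'"\S+ (?P<path>\S+) [^"]*" \d+ \S+ "(?P<ref>[^"]*)"')

SITE_PAGES = ["/", "/products", "/pricing", "/about", "/contact", "/blog"]  # assumed site map

def make_line(ip, hour, path, ref):
    return (f'{ip} - - [12/Mar/2024:{hour:02d}:15:00 +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "{ref}" "constructed-agent"')

# Constructed sample log using documentation IP ranges; not real traffic.
SAMPLE_LOG = (
    [make_line("203.0.113.7", 3, p, "-") for p in SITE_PAGES * 2]
    + [make_line("198.51.100.20", 14, p, "https://search.example/")
       for p in ("/", "/pricing")]
    + [make_line("198.51.100.21", 15, "/blog", "-")]
)

def score_clients(lines, min_hits=10, odd_hours=range(0, 6)):
    """Return {ip: [reasons]} for clients matching the rough indicators."""
    stats = defaultdict(lambda: {"hits": 0, "paths": set(), "direct": 0, "odd": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        s = stats[m["ip"]]
        s["hits"] += 1
        s["paths"].add(m["path"])
        s["direct"] += m["ref"] in ("", "-")      # no referrer counts as "direct"
        s["odd"] += int(m["hour"]) in odd_hours   # request made during odd hours
    report = {}
    for ip, s in stats.items():
        busy = s["hits"] >= min_hits
        reasons = []
        if busy:
            reasons.append("many hits from one IP")
        if s["paths"] >= set(SITE_PAGES):
            reasons.append("requested every page")
        if busy and s["direct"] == s["hits"]:
            reasons.append("all direct traffic")
        if busy and s["odd"] == s["hits"]:
            reasons.append("odd hours only")
        if reasons:
            report[ip] = reasons
    return report
```

Tune `min_hits` and `odd_hours` to the site's normal traffic; as the article notes, these are rough indicators and a bot that mimics human browsing will not trip them.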

How to Stop Bot Traffic: Basic Mitigation Measures

There are a few simple measures you can take to block at least some bots and reduce your exposure to bad bots:

  1. Place robots.txt in the root of your website to define which bots can access your website. Keep in mind, this is only effective for managing the crawl patterns of legitimate bots and will not protect against malicious bot activity.
  2. Add CAPTCHA on sign-up, comment, or download forms. Many publishers and premium websites place CAPTCHA to prevent download or spam bots.
  3. Set a JavaScript alert to notify you of bot traffic. Having contextual JavaScript in place can act as a buzzer and alert you whenever it sees a bot or similar element entering a website.
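The robots.txt measure, and the earlier note that it can tell bots which parts of a site to crawl and how frequently, can be illustrated with Python's standard `urllib.robotparser`. This is an added example, not part of the original article; the robots.txt content, request records and function names are constructed. Because the file is advisory only, requests for disallowed paths still arrive from clients that do not honor it, and those requests can be listed per client.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for an example site (not from the article).
ROBOTS_TXT = """\
User-agent: *
Crawl-delay: 10
Disallow: /admin/
Disallow: /cart/
"""

# Constructed (client_ip, path) pairs, as they might be extracted from an access log.
REQUESTS = [
    ("198.51.100.20", "/products/42"),
    ("203.0.113.7", "/admin/login"),
    ("203.0.113.7", "/cart/checkout"),
    ("198.51.100.21", "/robots.txt"),
    ("203.0.113.7", "/products/42"),
]

def load_rules(text):
    """Parse robots.txt text the way a compliant crawler would."""
    rules = RobotFileParser()
    rules.parse(text.splitlines())
    return rules

def disallowed_hits(rules, requests, agent="*"):
    """Map each client to the disallowed paths it requested anyway."""
    hits = {}
    for ip, path in requests:
        if not rules.can_fetch(agent, path):
            hits.setdefault(ip, []).append(path)
    return hits
```

A person following a link can also land on a disallowed path, so treat the result as a signal to combine with other indicators rather than proof of a bot.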

All in all, as a security professional you can follow a few simple practices at home:

  1. Turn off your Wi-Fi when you are going on a trip/vacation.
  2. Patch your router/networking devices with the latest updates.
  3. Keep an eye on all the connected devices and remove them from the network if you feel they are not necessary. Remember, you can always connect them again with a single click of a button.

Remember, don't be lazy... just kidding, it's always your decision and your choice to make! No apologies, no regrets, no hard feelings.

Thanks for reading...

Seshadri Nathan Sundaram

Technology Advisor, Executive Career Coach

2 years ago

Good article. Proliferation of IOT devices with outdated / vulnerable software is a clear and present danger...

Lesego Thobakgale

Cloud- Strategy, Operating model and Operations Transformation Manager

2 years ago

This was a beautiful read for me. Your content is rich. Well done

Pradeep Nerupati (0xD)

Penetration Tester | Security Researcher | Mentor | Bug Hunter | CEHV11 | CompTIA security+ sy0-601 | CySA+ | CSAP | Google Cloud ACE | Preparing for CISSP | Cybersecurity Trainer | CASP+,CISSP...........Loading |

2 years ago

Wonderful writeup on IoT and botnets attacks Sai Ram sir
