Beware: Zombie IoT Botnets

The ghosts and ghouls of October have come and gone, but the dangers lurking behind virtual walls have hardly disappeared. The threat of zombie bots is real, and it exists 365 days out of the year. Zombie bots, or devices that are taken over by hackers to disseminate different types of malware, viruses, or spam to other Internet-connected gadgets, are no longer limited to just home computers. As executed in the Mirai botnet attack, they’ve expanded into the world of IoT connected devices, too.

Adding to their complexity, zombie bots are not just limited to one feature or attack; they can be morphed into whatever their ‘master’ wants them to be. From logging keystrokes or searching through files to updating malware and downloading more malware onto an infected device, zombie botnets are ever-evolving.

To a hacker, zombie bots are more effective and infinitely stronger when they band together.  And so one by one, cybercriminals work to spread their malware of choice to devices to form an army of zombie bots, also known as a botnet. Massive botnets are used in distributed denial of service (DDoS) attacks, which are among the most intimidating types of attacks of which zombie botnet armies are capable. DDoS attacks are growing in number and severity; one report found that they’ve increased by 29% since Q2 2017, with the average attack size having increased by 543% to 26.37 Gbps.

The increase in DDoS attacks is attributed to large scale botnets comprised of insecure IoT devices. The adoption of IoT devices shows no signs of slowing down either. Today, there are currently 23.14 billion IoT devices worldwide. That number is predicted to grow exponentially just in the next 7 years to approximately 75.44 billion by 2025.

New variations of the Mirai and Gafgyt botnets exploit vulnerabilities found in IoT devices, including the security flaw that led to the massive Equifax breach of 2017. Just this past month, a botnet by the name of Chalubo was discovered by security researchers. By targeting poorly-secured IoT devices and servers, the Chalubo botnet compromises users’ devices for the purpose of executing a DDoS attack. Researchers also found that this botnet had copied a few code snippets from Mirai, demonstrating that cybercriminals have realized how effective this type of attack is.

So, why the rise in DDoS and other IoT botnet attacks? IoT devices like security cameras, smart lights, DVRs, and routers are particularly easy to remotely access because they often come with factory-set admin password setups, and many of us never change them to something more secure.  Our collective accumulation of connected devices shows no sign of slowing down, and without proper security in place, they are vulnerable to attacks. And what’s particularly troubling is that more often than not, zombie botnet armies operate in the shadows, unbeknownst to their owners.

Put simply, with more IoT devices in use, the risk of botnets increases, as does the need for awareness around this very real and potentially debilitating cyberthreat. While cybercriminals continue to try and leverage our own devices against us, the best way to protect your devices is through education and security best practices:

  • Keep your security software up-to-date. Whether it’s anti-virus, anti-spyware, or overall security, always keep your security solutions up-to-date. Software and firmware patches are ever-evolving and are made to combat newly discovered vulnerabilities, so be sure to update every time you’re prompted to.
  • Change your device’s factory security settings. When it comes to products, many manufacturers don’t think “security first.” That’s to say, your device can be vulnerable as soon as you open the box. By changing the factory settings you’re instantly upping your device’s security.
  • Proceed with caution when opening emails with file attachments or hyperlinks. One of the most common ways your device can become infected is by clicking on a bad link or attachment, through phishing or click fraud attempts. As a preventative safety measure, avoid engaging with suspicious messages altogether. You can often tell if the email is a hacking attempt if there is awkward language, improper spelling, or other signs. It’s a good idea to send spam directly to the trash.
  • Setup a separate IoT network. Consider setting up a second network for your IoT devices that doesn’t share access to your other devices and data. Check your router manufacturer’s website to learn how. Or, consider getting a router with built-in security features, making it easier to protect all the devices in your home from one access point.
  • Use a firewall. A firewall is a tool that monitors traffic between an Internet connection and devices to detect unusual or suspicious behavior. Even if a device is infected, a firewall can keep a potential attacker from accessing all the other devices on the same network. When looking for comprehensive security solution, to see if a Firewall is included to ensure that your devices are protected.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from

Back to top