By now, we’ve heard the many promises of the 5G era. Organizations across industries are poised to take advantage of the enhancements 5G will bring to boost their products and services in ways that were difficult or expensive to achieve using 4G networks. The Internet of Things (IoT) is a big part of this shift, with enterprises planning to use IoT devices to build more responsive and connected products, in order to improve customer experience, expand operations visibility and improve effectiveness.
Of course, we’ve also been duly warned of the equal benefits
5G offers to bad actors. Specifically, there are two characteristics of the IoT
proliferation that draw interest from both cyber criminals and nation-state
attackers – the sheer volume of IoT devices and their weakened security.
Indeed, the reality of having many more IoT devices than
computers opens the door for criminals to develop large botnets with potent
attack potential. Furthermore, weak security posture stems from default
credentials that people rarely change, along with the lack of software updates
to patch discovered vulnerabilities (or, at minimum, difficulty with applying
5G networks roll out, speed and connectivity will give rise to increased
security threats, many in the form of advanced botnets. IoT threats aren’t
going away – in fact, they’re just getting started.
A Botnet Family Tree
You’ve undoubtedly heard of botnets, a form of
self-propagating malware that infects innocent devices and places them under
the control of a centralized server. These infected devices are then manipulated
by a command-and-control server to enact huge distributed denial-of-service
(DDoS) attacks, massive email spam campaigns or cryptomining.
Essentially, a DDoS attack is a botnet’s bread and butter. It
relies on the infectious power of botnet malware to infect thousands of
devices, using them to create a zombie army and send massive amounts of
internet traffic to an intended target. This traffic can then take that target,
typically a popular website or service, offline for a sustained amount of time.
To understand the true threat of IoT botnets, it’s important
to first understand the landscape, including some of the more famous botnets:
- Mirai family (including Satori and Miori):
This is the botnet that was responsible for blocking access to a good portion
of the web when it attacked Dyn DNS service at an unprecedented rate of
- Hajime botnet: Showcased an ability to self-update
and employed brute force to compromise telnet services on many routers.
- Persirai: Debuted the notion of a self-defending
botnet by deleting its own files, residing in memory and preventing any
future similar attacks by other bots.
- BrickerBot: This bot has the unique
characteristic of attacking only those IoT devices that initiate an attack against
it, bricking them.
So, what does 5G have to do with this? It means more
services are pushed to the edge of the network, exposing a wider attack surface
than before. Not only will there be more IoT devices, but they will also be
more exposed to the internet than in previous generation networks, leaving
plenty of opportunities for the botnets to attack.
Preying on the Vulnerable
While botnet attacks can strike anyone at any time, there
are specific groups more vulnerable than others. Most industries are especially
prone to botnet attacks in the era of 5G, but some have an even bigger target
on their backs: health care, smart cities, autonomous vehicles and logistics.
Industrial control systems are a particularly attractive target for
On the one hand, each can claim substantial benefit in
deploying IoT devices. On the other, they also have the most at stake, should
those devices become compromised. Today, the damages caused by IoT attacks
range from cryptomining in most of the attacks, to disruption of critical
infrastructure in some cases.
The health care industry, for example, is a longtime
favorite target of cyberattackers. Despite firms’ best efforts, cybersecurity
threats are rising and attacks are more successful than ever. In the data
center, virtualization and cloud have brought new agility, but modern security
technologies have failed to keep pace with evolving threats. As a result,
threats can persist unseen inside the network, giving criminals time to
carefully plan the theft of high-value information, take medical intellectual
property, commit fraud, destroy brand image and disrupt revenue opportunities.
Because it is difficult for IoT devices to protect themselves, now,
more than ever before, is the time for organizations across every vertical to
embrace a network-first security approach to stave off these malicious attacks.
With the proliferation of botnets showing no signs of
slowing amidst the imminent rise of IoT devices, it’s crucial organizations
adjust their security strategy to keep pace.
Many enterprises have, in the recent past, moved towards a zero-trust
network, almost getting rid of the perimeter and focusing on endpoint
protection. This was driven by a more mobile workforce and cloud adoption for
enterprise applications. But IoT devices typically do not allow for the installation
of any security agent on the device itself, which puts the burden of securing
them squarely back onto the network. Today, organizations rely mostly on
segmentation to isolate IoT devices. While it’s a good first step, it is not enough
by itself. We must enhance our network devices with threat awareness so they
can identify attacks or at least infected devices.
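As an added illustration of the threat awareness described above (not code from the original article), the following Python sketch scans flow records from an IoT segment and flags devices whose Telnet fan-out resembles the brute-force propagation attributed to Hajime earlier. The segment range, port set, threshold and sample flows are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this sketch (not from the article): the IoT segment range,
# the Telnet port set, and the fan-out threshold.
IOT_SEGMENT = ip_network("10.20.0.0/24")
TELNET_PORTS = {23, 2323}
FANOUT_THRESHOLD = 5   # distinct Telnet destinations per window

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = (
    [(1000 + i, "10.20.0.15", f"198.51.100.{i + 1}", 23) for i in range(8)]
    + [(1010, "10.20.0.15", "10.20.0.31", 2323),     # lateral attempt inside the segment
       (1005, "10.20.0.22", "203.0.113.10", 443),    # normal cloud check-in
       (1020, "10.20.0.22", "203.0.113.10", 443),
       (1030, "10.20.0.40", "192.0.2.7", 23),        # single Telnet flow: below threshold
       (1040, "10.30.0.9", "198.51.100.3", 23)]      # outside the IoT segment: ignored
)

def find_suspect_devices(flows, window=60, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: report} for IoT devices whose Telnet fan-out in any
    fixed time window meets the threshold."""
    buckets = defaultdict(set)  # (src, window index) -> distinct destinations
    for ts, src, dst, port in flows:
        if port in TELNET_PORTS and ip_address(src) in IOT_SEGMENT:
            buckets[(src, ts // window)].add(dst)

    suspects = {}
    for (src, _), dests in buckets.items():
        if len(dests) < threshold:
            continue
        report = suspects.setdefault(src, {"max_fanout": 0, "lateral": False})
        report["max_fanout"] = max(report["max_fanout"], len(dests))
        # A Telnet target inside the same segment means segmentation alone
        # would not have stopped device-to-device spread.
        report["lateral"] |= any(ip_address(d) in IOT_SEGMENT for d in dests)
    return suspects

if __name__ == "__main__":
    for ip, report in find_suspect_devices(SAMPLE_FLOWS).items():
        print(ip, report)
```

Because the windows are fixed rather than sliding, a scan that straddles a window boundary is counted in two buckets, so the threshold should be set with that in mind.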
To take security precautions to the next level, enterprises
should implement software-defined, intelligent infrastructure that expands
detection and enforcement beyond the firewall, offering a holistic look into
the network to stop threats in their tracks. In other words, with this new era
of attacks looming right around the corner, organizations must use 100 percent
of the network resources to protect 100 percent of the network.