Chapter 3: The Mirai botnet case: Is IoT Network segmentation the solution?

84% of organizations that have adopted IoT have experienced an IoT-related security breach. That is a massive proportion.

Regarding commodity IoT, Gartner estimates that 40% of these devices are used for botnet attacks. 

So, should you give up IoT altogether? Of course not. 

The many benefits of IoT deployment greatly outweigh the risks. Automation, efficiency, and an improved bottom line are just a few of them. Rather than asking why you should expose yourself to the risk, we should be discussing how to do it safely.

Only a few options are available for securing IoT devices, but you only need one anyway. IoT network segmentation is an efficient defense mechanism against the most significant known threats, such as the Mirai Botnet attack and ransomware. 

Mirai Botnet attack

By combining a botnet with self-propagating malware, Paras Jha and Josiah White made history by launching the largest-ever DDoS attack. The so-called Mirai botnet attack has since been dubbed the “king of IoT malware.”

Years later, Mirai is still mutating and spawning variations at such speed and complexity that we no longer talk about it as a single attack but as a malware framework. 

It all started back in 2016, when a college student and his friend wrote a piece of code and used it to attack his university. Next, they targeted the servers hosting Minecraft, a game played by 40 million users. In September 2016 they published the code online so that its origin would be harder to trace. Mirai is still unleashed and wreaking havoc on IoT.

The most significant Mirai botnet attack in history happened shortly after Jha and his friend made the code public. In October 2016, an organized attack on Dyn's servers brought down most of the internet in the US, including CNN, Reddit, Netflix, the Guardian, and Twitter. In 2018, one of Mirai's variants was among the first malware to attack vulnerable ARC processors on Linux-based devices.

So, how does Mirai work? 

Mirai is so invasive because it spreads by exploiting weak or already-infected IoT devices. It enters the network through devices that still use default credentials and then uses them to search for new victims (1). When it discovers a new vulnerable target, it instructs the exploit (2), loads a .bot configuration file (3), and converts the new victim into a Mirai bot (4). Mirai is impossible to stop because it does not only infect its victims but also turns them into disease-spreading devices. Once it has infected enough IoT devices to do serious damage, Mirai launches a DDoS attack (6), overwhelming servers or websites with more traffic than they can handle. What makes it even more dangerous is that it can launch simultaneous attacks on multiple unrelated targets.
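As an added illustration that is not part of the original post, here is a small Python detector for the first stage described above: a device on an IoT VLAN probing telnet on many distinct addresses, which is how Mirai's scanner hunts for default credentials. The log format, addresses and threshold are constructed for the example; TCP ports 23 and 2323 are the ones Mirai's original scanner targets.

```python
import re
from collections import defaultdict

# Constructed sample of firewall connection logs from an IoT VLAN (not real data).
# One line per connection attempt: <timestamp> src=<ip> dst=<ip> dport=<port> action=<allow|deny>
SAMPLE_LOG = """\
2016-10-21T10:00:01Z src=10.20.0.15 dst=203.0.113.7 dport=23 action=deny
2016-10-21T10:00:01Z src=10.20.0.15 dst=203.0.113.8 dport=23 action=deny
2016-10-21T10:00:02Z src=10.20.0.15 dst=198.51.100.4 dport=2323 action=deny
2016-10-21T10:00:02Z src=10.20.0.15 dst=198.51.100.5 dport=23 action=deny
2016-10-21T10:00:03Z src=10.20.0.15 dst=192.0.2.10 dport=23 action=deny
2016-10-21T10:00:03Z src=10.20.0.15 dst=192.0.2.11 dport=2323 action=deny
2016-10-21T10:00:03Z src=10.20.0.15 dst=192.0.2.11 dport=2323 action=deny
2016-10-21T10:00:05Z src=10.20.0.22 dst=10.20.0.1 dport=23 action=allow
2016-10-21T10:00:06Z src=10.20.0.22 dst=203.0.113.50 dport=443 action=allow
2016-10-21T10:00:07Z src=10.20.0.9 dst=10.20.0.1 dport=23 action=allow
2016-10-21T10:00:08Z src=10.20.0.9 dst=10.20.0.2 dport=2323 action=allow
"""

# Mirai's scanner probes telnet on TCP 23 and 2323, looking for default credentials.
TELNET_PORTS = {23, 2323}
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def telnet_fanout(log_text):
    """Map each source host to the set of distinct hosts it tried to reach on telnet."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and int(m.group(3)) in TELNET_PORTS:
            targets[m.group(1)].add(m.group(2))
    return targets


def scan_suspects(log_text, min_targets=5):
    """Hosts whose telnet fan-out reaches min_targets distinct destinations.
    A legitimate device talks to one or two management hosts; a Mirai bot sweeps many.
    The threshold is an assumption for this example, tune it to your own baseline."""
    return {src: len(dsts) for src, dsts in telnet_fanout(log_text).items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, n in scan_suspects(SAMPLE_LOG).items():
        print(f"{src}: telnet probes to {n} distinct hosts, quarantine and check credentials")
```

In a segmented IoT network this fan-out is also what the inter-VLAN firewall should be denying, so the same counter works as a check that the segmentation policy is actually in force.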

The viral nature of the Mirai bot is not lost on security-savvy organizations. Many have protocols for changing default credentials, implementing proper patching and updating, and applying access controls. Can that keep Mirai at bay? For a little while, yes. Does it stand any chance against the Mirai framework? Hardly.

Mirai must be fought systematically, with an equally complex model and architecture that detects faulty devices before the opponent does. 

How Mirai botnet attack spreads through the IoT environment

IoT ransomware

Also known as R4IoT, ransomware for IoT is a hypothetical ransomware that demonstrates how unpatched IoT devices can give criminals an entry point from which to move laterally through the network.

In the demonstration, ransomware for IoT was delivered through everyday IoT devices, such as cameras, and from there went on to compromise more complex devices in corporate networks, such as machines in heavy industry. The unhappy conclusion is that attackers can hold critical business processes hostage, all because of a missing patch.

Though nerve-racking and budget-breaking, Mirai botnet attacks, IoT ransomware, and similar cybersecurity catastrophes are precious teaching moments that we should use to adapt cybersecurity best practices. Thanks to these attacks, we have already learned a lot about the vulnerabilities of these devices.

In the last article of this IoT blog series, we will share our view on how IoT network segmentation can set boundaries for a secure IoT framework.


