
Secplicity - Security Simplified

Powered by WatchGuard Technologies

IoT Botnets Are Evolving – How Big Can They Get?

February 20, 2018 By Marc Laliberte

That’s a question many in the security industry have been asking themselves. IoT botnets are networks of insecure IoT devices like webcams and DVRs that have been taken over by a piece of malware and controlled by a single attacker. This nefarious practice grabbed the spotlight in 2016 when the Mirai botnet disrupted internet usage across the East Coast of the United States, hitting internet hosting provider OVH and KrebsOnSecurity with record-breaking DDoS attacks. Researchers’ estimates on Mirai’s size vary from 800,000 infected devices to 2.5 million.

But Mirai was only the beginning. IoT botnets are cheap and easy to amass, thanks to the poor or nonexistent security controls of most IoT devices. In fact, Spamhaus estimates that botnet command and control (C2C) servers more than doubled from 393 in 2016 to 943 in 2017. Gartner predicts that there will be 20.4 billion IoT devices in use by 2020, so there will be even more potential bots for attackers to abuse over the coming years.

IoT botnet malware continues to transform, and many new IoT botnets have been spotted in the wild. The Reaper botnet, which infects devices by leveraging several known vulnerabilities rather than using a list of common passwords like Mirai, controls 28,000 devices, and approximately 2 million devices are vulnerable to the flaws it exploits. A recent botnet named Hide ‘n Seek has 24,000 bots and uses a new peer-to-peer method of spreading itself. The Hajime botnet has infected 300,000 IoT devices. The Satori botnet, based on the Mirai source code, grabbed 280,000 bots in a 12-hour period! Another Mirai variant called Okiru targets ARC processors and could potentially infect 1.5 billion devices based on researchers’ estimates.

So how big can the next major botnet get? That’s a difficult question to answer with any degree of certainty. But many of the new botnets named above have the potential to grow as large as or larger than Mirai, and as more insecure IoT devices are produced, that potential size is only going to increase. If we don’t add better security to our IoT devices, they will only create larger botnets. It’s not a matter of if a botnet attack will top Mirai, it’s when. –Marc Laliberte

Filed Under: Editorial Articles, Featured

Comments

  1. Ondrej Prenek says

    April 29, 2020 at 12:52 pm

    What are the references? I’m doing research about botnets and I’m looking for the number of vulnerable devices per botnet family. Thank you!

    • Marc Laliberte says

      April 29, 2020 at 2:05 pm

      Hey There,

      The lower-bound for Mirai infections was from a CloudFlare post at the time. The upper bound was from McAfee’s threat report – https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-mar-2017.pdf
