How Do They Attack?
Since the IoT has experienced tremendous growth over the past few years, one attack strategy
that has become particularly prominent is the DDoS campaign. IoT devices primarily run
Unix and Linux-based operating systems. This makes it easier for cybercriminals to trap
them with ELF (executable and linkable format) binaries. This file format is commonly
found in the firmware of embedded systems. The delivery method of the cyberthreat mainly
targets devices through the Telnet or SSH (secure shell) network protocols. To hack them,
attackers try multiple strategies. For instance, they try to exploit hardcoded and default credentials.
Similarly, they can also use a common hacking strategy known as a brute-force attack. A brute-force
attack is one in which hackers use automated software to try out a large number of guesses to
figure out the passwords of their victims. Those who do not follow modern password protection
techniques often find themselves caught in the quagmire of a brute-force attack.
After a successful infiltration, the infected device receives the payload of the cyberattack,
which then adds the device to the botnet.
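The password-guessing pattern described above is visible from the defender's side in SSH login logs. The following Python code is an added example, not from the book; the log lines are constructed samples in OpenSSH's sshd format, and the function name and the threshold of three failures are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log format; addresses are documentation ranges.
SAMPLE_LOG = """\
Sep  3 10:16:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep  3 10:16:02 cam01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Sep  3 10:16:03 cam01 sshd[813]: Failed password for invalid user support from 203.0.113.7 port 40114 ssh2
Sep  3 10:16:04 cam01 sshd[814]: Failed password for root from 203.0.113.7 port 40115 ssh2
Sep  3 10:16:05 cam01 sshd[815]: Accepted password for root from 203.0.113.7 port 40116 ssh2
Sep  3 10:20:11 cam01 sshd[830]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Sep  3 10:20:19 cam01 sshd[831]: Accepted password for alice from 198.51.100.4 port 51001 ssh2
"""

# Matches both outcomes and captures (outcome, username, source address).
EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

def find_bruteforce(log_text, min_failures=3):
    """Return {source_ip: summary} for sources that look like password guessing.

    min_failures is an assumed threshold; tune it to the environment.
    """
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "guessed": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        s = stats[src]
        if outcome == "Failed":
            s["failures"] += 1
            s["users"].add(user)
        elif s["failures"] >= min_failures:
            # A success right after a run of failures suggests a guessed password.
            s["guessed"].append(user)
    return {ip: s for ip, s in stats.items() if s["failures"] >= min_failures}

if __name__ == "__main__":
    for ip, s in find_bruteforce(SAMPLE_LOG).items():
        print(ip, s["failures"], sorted(s["users"]), s["guessed"])
```

A source that cycles through several default account names and then logs in successfully is the case to escalate first, since the device may already be part of a botnet.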
Flash Question
List all the possible ways one can avoid botnet attacks.
What Makes the IoT Devices a Target of Botnets?
Nowadays cybercriminals are sophisticated and equipped with all the modern IT tools. Their
attacks on IoT devices are so rampant for the following reasons.
• It is quite easy for cybercriminals to infect embedded devices due to two factors: the use
  of default credentials and exposed services.
• IoT devices are primarily available 24/7, and they are currently experiencing major adoption.
• Many IoT devices are off-the-shelf offerings; their standards of security are
  considerably low. For example, the password of the root user is “root” and the password
  of the admin user is “admin”. For a cybercriminal using a DDoS or brute-force attack, it is
  just a matter of minutes to hack such IoT devices. Things remain this way until a user
  decides to put an end to it and change the password.
• The cyberthreats used in botnet attacks are formidable enough to guess
  default passwords. This prevents users from logging in safely.
• There is an extensive list of IoT devices that are neither monitored nor maintained
  carefully. As a consequence, it becomes a walk in the park for cybercriminals to shut them
  down and force them to become “digital hostages”.
• Cybercriminals view the IoT ecosystem as a cost-effective medium for their
  ambitions. A single compromised device can lead to the hacking of hundreds and thousands
  of devices. On the other hand, accessing and controlling services in order to target
  businesses with standard DDoS attacks costs a lot more when organizing a
  cyberattack.
Monetization
After the success of attacks, particularly those of Mirai and Bashlite, many cybercriminals were
impressed and began to create their own malware. Consequently, a slew of botnets came into
existence, and cybercriminals also started to look for fresh victims.
Chapter 11 Security Challenges for IoT 273