Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets

TL;DR

This paper discusses how IoT devices have become vulnerable to botnets, leading to security issues like DDoS attacks, and offers insights into their operation, recent incidents, and mitigation strategies.

Contribution

It provides an overview of IoT botnet anatomy, analyzes recent major DDoS incidents, and suggests remedies and the role of cyber insurance for mitigation.

Findings

IoT devices are often publicly accessible and insecure.

IoT botnets are used in significant DDoS attacks.

Security is frequently an afterthought in IoT design.

Abstract

Internet of Things (IoT) is the next big evolutionary step in the world of internet. The main intention behind the IoT is to enable safer living and risk mitigation on different levels of life. With the advent of IoT botnets, the view towards IoT devices has changed from enabler of enhanced living into Internet of vulnerabilities for cyber criminals. IoT botnets has exposed two different glaring issues, 1) A large number of IoT devices are accessible over public Internet. 2) Security (if considered at all) is often an afterthought in the architecture of many wide spread IoT devices. In this article, we briefly outline the anatomy of the IoT botnets and their basic mode of operations. Some of the major DDoS incidents using IoT botnets in recent times along with the corresponding exploited vulnerabilities will be discussed. We also provide remedies and recommendations to mitigate IoT related cyber risks and briefly illustrate the importance of cyber insurance in the modern connected world.