Editorial N° 11 – The botnet as-a-service is on the rise!

    The IoT has now become a priority target for computer attacks, particularly because they are used to feed huge botnet networks. Indeed, these networks of zombie machines have been in the news all the time, from the first IoT botnet, TheMoon, to the latest botnet of the Subby hacker, who has taken control of more than 29 IoT botnets. Hackers are diversifying botnets to make them more functional and extremely volatile.

It was really during September 2016 that the botnet threat materialized. First of all, it is the website of the American blogger Brian Krebs, who had to face a massive DDos attack. “We were used to seeing attacks that could exceed 350 Gbps of malicious traffic. But it exceeded 650 Gbps, twice as much volume. And all this without using a reflection process based on DNS or NTP!” argued John Summers, security director at Akamai. Two weeks later, it was OVH’s turn to be hit by a DDoS attack with a record volume of 1 Tbps.

Since then, Botnet Mirai has proven its nuisance potential by overthrowing the infrastructure of DynDNS, a dynamic DNS company widely used by major Silicon Valley services such as Twitter. For several hours, many websites were inaccessible. One thing is certain, the threat remains current and new versions are discovered every year.

Any object connected to the Internet is potentially vulnerable. If the Internet of Things explodes, it is normal that the number of vulnerabilities also explodes and that cybercriminals seize it. Due to the large number of IoT devices connected to the Internet, this creates a massive attack surface. Gartner estimates that by 2020 there will be 50 billion connected objects, attackers can easily and quickly search for vulnerable devices and accumulate large botnets.

The evolution of botnet usage is not the only one that has boosted the cyberattack sector. As the Agence nationale de la sécurité des systèmes d’information (ANSSI) points out, the threat is growing and hackers are increasingly innovative, competent and better funded. But the majority of attacks remain invisible, which is perhaps the biggest concern for cyber security professionals.

In the era of botnet-as-a-service and new uses related to 5G, global operators to work together with other key cybersecurity actors to constantly improve the level of visibility on malicious actors and take concrete actions to stop botnet networks.