After the announcement of the return of Mirai malware (future in Japanese) in March 2019, smart devices have never been so prominent on the cyber scene. Mirai has made her comeback by infecting millions of smart devices to the great displeasure of companies and individuals. The metaphor of the living dead here represents the botnet, which can sleep in connected devices without users noticing. The massive increase in smart devices has provided more gateways for attackers to see the Internet of Things as a means of conducting large-scale attacks. The use of the botnet is mainly malicious and one of the most widespread attacks is the DDoS attack. The purpose of the latter is to prevent the proper functioning of a service, disable it or even block user access to a web server.
Satori, Mirai, Dyn, Emotet, they all have one thing in common, which is to turn the Internet into zombie machines. Connected objects contain many security vulnerabilities that make them the primary targets for botnet. These botnets first target devices that have not been updated regularly by distributing malicious software that spreads in different forms such as a virus, a phishing campaign, malware, website, USB key… The risks are multiple and can affect any user..:
- Collection of information on the workstation
- Identity theft: hackers can collect personal data by posing as someone else
- Blocking access to a web server
- Denial of service attack
The consequences are very real. If we take the example of the Mirai botnet, more than 15,000 attacks have been carried out via smart devices, such as PlayStations, cameras or routers. In total, Mirai infected up to 600,000 smart devices. The most affected countries were Brazil, Colombia and Vietnam. Large companies such as Samsung, Panasonic or Toshiba were involved. Hundreds of American services have been mostly affected such as Paypal, Netflix and Twittter. Connected to the Internet, the Internet of Things is generally used as a bias to conduct such large-scale attacks. However, there are ways to prevent connected objects from being at the heart of a botnet such as changing default passwords and updating firmware.