August 8, 2019

Re-Emerging Mirai-Like Botnets Are Threatening IoT Security in 2019

The re-emergence of Mirai botnet variants shows us that, despite the explosive growth of the IoT sector, we're still missing standards for the overall security of an IoT ecosystem.

Without a doubt, the re-emergence of the notorious Mirai botnet in IoT infrastructure presents grave challenges for security developers and forces us to reflect on the state of IoT security in 2019.

While malware attacks of this kind are now widely regarded as the online equivalent of real-world crime, and cybercriminals as the counterparts of real-world criminals, it is the scope and target of an attack that determine whether it gets noticed at all.

Mirai, a malware program that first appeared in 2016, has continuously held the attention of the IoT world and the enterprise IoT sector, which makes it a major concern for IT firms. So, with Mirai attacks recurring across IoT infrastructure, where does the state of IoT security stand now?

A Brief History of Mirai and Its Turbulent Relationship With IoT

Mirai was written by three programmers: Paras Jha, Dalton Norman and Josiah White. It was first discovered in 2016 by a malware research group called MalwareMustDie. In the same year, Mirai became a globally recognized threat when it launched one of the largest DDoS (distributed denial-of-service) attacks in history: it took down a pivotal US dynamic host service provider, which triggered a widespread internet outage in the US and Europe.

Also in 2016, Mirai struck again with a major attack on “Krebs on Security”, the blog of the renowned American security journalist Brian Krebs. It took the entire website offline for almost four days and cost its owners around $323,000.

Although the authors were later arrested and sentenced by a U.S. court, they managed to make the source code public on an online hacking forum, and this triggered the creation of numerous Mirai variants from 2016 onward. What is worrying about these variants is this: their targets were at first mostly consumer-level IoT devices, but there has been a marked shift towards the enterprise IoT sector from 2017 all the way into 2019.

Why have Mirai botnets mostly targeted the IoT industry, and why the shift towards enterprise IoT? And what can an IoT service provider do to keep this online plague out of its IoT ecosystem? The answer to the first question is that the growing adoption of IoT technology makes it an obvious target for notorious malware like Mirai.

The answer to the second question isn’t so straightforward, but it is simple to state in theory: keep your IoT network, and every device on it, tightly protected with modern IoT-specific encryption techniques. That statement leads us to the second immediate concern of this article: what security standards exist in IoT technology in 2019 to combat severe malware and virus attacks? Let’s shed a bit of light on this.

The State of IoT Security in 2019

Despite great advancements and breakthroughs over the last decade or so, it’s unfortunate to admit that an adequate security architecture and a set of security standards are still largely missing for the thriving IoT sector. In the words of Joe Weiss, a consultant with Applied Control Solutions and the Managing Director of ISA99:

“It’s 2019! How can we be in this place? We haven’t made much progress with security at all. We’ve made lots of progress monitoring the networks and almost nothing about what we were supposed to do in the first place.”

This statement isn’t an exaggeration, and there are good reasons to say so. For instance, the sensor is one of the most widely deployed forms of IoT hardware, and many manufacturers build it around cheap, low-capability processors that cannot sustain the additional load imposed by modern encryption techniques. The result is a dangerous lack of security across an entire ecosystem of devices. If this disregard for security is repeated across billions of deployed IoT devices, we have laid out a ready meal for the hungry pack of viruses and malware waiting online to strike.

The reason for this, according to Paul Bevan, Research Director of IT Infrastructure at Bloor Research, is cost. He says that to keep costs down and profits higher, companies building small-scale IoT sensors are not using hardware components and benchmarking adequate to accommodate the requirements of strong encryption. Obviously, this has to change, or else we will have a gigantic area of the internet, specifically the enterprise sector, that is completely open for bad actors to play their games at will.

Although the Transaction Processing Performance Council (TPC) has provided a universal benchmarking standard for evaluating all kinds of IoT gateways, a concise and universally accepted set of security standards for IoT networks and devices is still a must. If we take a close look at how Mirai successfully breaches an IoT device’s integrity, we can easily see that we are lacking effective security protocols at the core.

For example, Mirai works on the “command injection attack” pattern. A command injection attack uses untrusted input, supplied in various forms such as cookies, form fields or HTTP requests, to reach the operating system’s shell; it then executes attacker-supplied commands on the system with the privileges of the affected process. Attacks of this kind are only possible when a system’s input validation is insufficient or absent. In our case, that system can be an IoT ecosystem or an IoT network.
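To make the validation point concrete, here is an added example (not code from the article and not Mirai code) of a hypothetical device-side diagnostic handler: a web form on an IoT gateway asks for a host to ping. The vulnerable form splices the raw form value into a shell command line; the hardened form validates the value against a hostname allowlist and builds an argument list that is executed without any shell. The handler name, the `ping` diagnostic and the sample inputs are all constructed for illustration.

```python
import re
import subprocess
from typing import List

# Constructed illustration of a device "ping diagnostic" endpoint.
# Not code from the article, not Mirai code.

# --- Vulnerable form --------------------------------------------------------
# The raw form value is spliced into a command line that would be handed to a
# shell (os.system() / subprocess with shell=True), so any shell metacharacter
# in the input changes what gets executed. This is the defect the article
# describes: no validation between the HTTP parameter and the OS shell.
def build_ping_command_vulnerable(host: str) -> str:
    return f"ping -c 1 {host}"


# --- Hardened form ----------------------------------------------------------
# RFC 1123 style hostname allowlist: dot-separated labels of letters, digits
# and hyphens, each label 1..63 chars, not starting or ending with a hyphen.
# Anything else is rejected before it reaches the OS, which rules out shell
# metacharacters, quoting tricks and option injection in one place.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")


def validate_host(host: str) -> bool:
    """Return True only for a syntactically valid hostname of sane length."""
    return 0 < len(host) <= 253 and _HOSTNAME_RE.fullmatch(host) is not None


def build_ping_command_hardened(host: str) -> List[str]:
    """Validate, then build an argv list.

    Each list element is exactly one argument and no shell is involved, so the
    input can never be reinterpreted as a command. "--" ends option parsing as
    defence in depth, so a value like "-f" cannot become a ping flag either.
    """
    if not validate_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return ["ping", "-c", "1", "--", host]


def run_diagnostic(host: str, dry_run: bool = True) -> List[str]:
    """Entry point the web handler would call.

    With dry_run=True (the default, so the example stays offline) it only
    returns the argv it would execute; with dry_run=False it runs that argv
    directly, with shell=False and a timeout.
    """
    argv = build_ping_command_hardened(host)
    if not dry_run:
        subprocess.run(argv, shell=False, check=False, timeout=10)
    return argv


if __name__ == "__main__":
    # Constructed sample inputs: one normal value and two malformed ones.
    for sample in ["gateway.local", "gateway.local; ls", "-f"]:
        print("vulnerable:", build_ping_command_vulnerable(sample))
        try:
            print("hardened:  ", run_diagnostic(sample))
        except ValueError as exc:
            print("hardened:  ", exc)
```

The two defences are independent: the allowlist rejects malformed input early and gives the device a clear event to log, while the argv list without a shell means that even a value that slipped past validation would be passed to `ping` as a single argument rather than interpreted by a shell.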

So, if we don’t build hardware and software powerful and capable enough to self-evaluate, validate input and implement strong encryption at the operating-system command level, data breaches in the form of Mirai attacks or their successors are inevitable. Considering how serious such a situation can become, and the current state of security in the rapidly growing IoT sector, it’s about time the “think tanks” of the IoT world sat down and discussed a novel approach to combating any threat that seeks to cripple the sector. Once we can be proud of our security standards in IoT, nothing can stop us from reaping the remarkable benefits this technology has to offer.