
IoT botnets are on the rise and 5G isn’t helping anything

Botnets are more common and coming in more diverse strains than ever before

The detection of IoT botnets is at an all-time high and the number of varieties is also steadily rising - two trends that are showing no signs of slowing down.

That's according to Kevin McNamee, director of threat intelligence at Nokia, who added that the advent of 5G 'creates more problems than it solves'.

Referencing figures from Nokia's 2019 Threat Intelligence Report, McNamee said the telecoms giant observed 78% of botnets carried active malware, 35% of which shared similarities in either code or attack methodology with 2016's Mirai.

The hugely successful Mirai botnet of 2016, which was responsible for one of the biggest DDoS attacks in history, has inspired a wide portfolio of newer iterations that are proliferating widely.

Satori and Reaper botnets are examples of the more malicious variants which succeeded Mirai, while Hajime copied Mirai's attack methodology to plug the vulnerabilities its malicious predecessor exploited in the first place - a bot for good.

Researchers at Unit 42 announced in March that they had discovered another new variant of Mirai with an updated attack methodology and a wider-reaching attack surface, one that specifically targeted enterprise IoT devices.

Any device that's visible on the open internet right now can be targeted by an IoT botnet, and if it has a vulnerability as well, it will be hacked within minutes, said McNamee. The advent of 5G complicates things further.

While the next generation of mobile networking has its cyber security advantages, such as network slicing, it also presents issues that could exacerbate the already growing botnet bother.

"Now with 5G, we're going to be moving to much more devices, bigger networks, higher bandwidth and probably the carriers are going to make decisions around what IP addresses to use and likely they'll use IPv6 addresses [rather than the current IPv4 ones]," said McNamee. "So there is the potential to make the wrong decisions that you're opening up the attack surface by making those devices visible."

He also noted that, with more IoT devices becoming potentially visible, bots can recruit more devices through which they can launch offensives like DDoS attacks. These can then become far more damaging than before due to the larger bandwidth that 5G affords.

"More IoT devices means bigger botnets," he said. "So nowadays, when you see a botnet of 100,000 bots, think five years down the road, [we could see] a botnet of 1 million, 2 million or 10 million bots."

In addition, the ability for a 5G network to be 'sliced' or segmented by the carrier might also create the kind of problems it is otherwise intended to solve.

Network slicing is emblematic of classic cyber security best practice: segmenting different parts of a network so attackers can't move across the whole company. Alongside the more inherently secure and encrypted 5G control plane, the slicing capability gives businesses an added layer of network security and a way of mitigating the negative possibilities of attacks exploiting higher bandwidths.

However, segmenting the network can also make an attacker's job easier by signposting where the information they want resides. It's like the contents page of a textbook indicating the page of a topic but also the pages on which you can easily find different sub-topics.
