IoT Botnets: Why the Next Mirai Could Be Worse
Researcher Allison Nixon Analyzes Exploitation of Devices Lacking Security Protection
Cybercriminals are exploiting and using weak IoT devices in new ways, including as proxies for e-commerce fraud, says Allison Nixon of Unit 221b, who predicts that the next mass attack leveraging IoT botnets on the scale of Mirai will likely be way worse.
Botnets are incredibly useful for cybercriminals and also very difficult to take down. Cybercriminals are including IoT devices in botnets because the devices often use default passwords and have unpatched security vulnerabilities.
In 2016, massive distributed denial-of-service attacks originated with the Mirai IoT worm, which underscored the seriousness of connected device security problems (see: Mirai Co-Author Gets House Arrest, $8.6 Million Fine).
In the latest trend, Nixon says, cybercriminals are now using IoT devices as proxies to avoid e-commerce anti-fraud payment features.
"From the perspective of the criminal bot herder, they don't really see things in terms of refrigerators, routers or things like that," Nixon says. "They see things in terms of what is the network interface they're interacting with. If a refrigerator has a public exposed service and that publicly exposed service is available to the whole internet, then it's just a matter of the bot owner finding the exploit to take over the machine."
In this video interview, Nixon discusses:
- How cybercriminals are exploiting and using weak IoT devices in new ways;
- How cybercriminal botnet activity is investigated;
- Why the security of connected devices remains a concern.
Nixon is chief research officer with Unit 221b, a New York-based cybersecurity company. She has expertise in penetration testing, incident response, cybercriminal investigations and DDoS attacks. Her research and investigation into the Mirai botnet and subsequent DDoS attacks garnered her an FBI Director's Award in 2016. Nixon, who has presented at the Black Hat security conference, previously worked as director of security research for Flashpoint and at Deloitte, NTT Com Security and Dell Secureworks.