Bitdefender

Whether you need protection for a single device, smart home, small business or Enterprise datacenter, Bitdefender delivers the best security and performance. Learn more

Are persistent bots permanently rooted in your smart home?

IoT botnets have been known for quite a while, but they gained household infamy after Mirai grabbed the headlines back in 2016.

IoT botnets have been known for quite a while, but they gained household infamy after Mirai grabbed the headlines back in 2016. The tremendous attack against DNS service Dyn is believed to have originated from nearly 100,000 infected devices. Since then, the security research community has kept an eye on any developments in IoT botnets, analyzing the dynamics of device infestation, how devices inadvertently “change” owners and what vulnerabilities are being exploited to hijack them.

Persistent malware is a game changer inside the smart home

Today, several IoT botnets are fighing each other to amass armies of devices to launch  devastating DDoS attacks against various targets. The competition is fierce, as one major drawback of IoT malware is its lack of persistence. A bot infection can only be exploited for as long as the malware’s code is loaded into the memory, which means that device reboots and power loss are enough to clean the device up. This makes botnet growth a sysiphic task; while harvesting new devices, others escape slavery through power loss or reboots.

Now botnet operators seem to have taken their creations a step further, as new persistent bots are being discovered. In May 2018, Bitdefender identified Hide and Seek, the first IoT botnet with device persistence, closely followed by Cisco’s discovery of VPNFilter – a piece of malware with more advanced survival capabilities. And this changes everything.

According to Bitdefender’s real-time telemetry, routers are the most-targeted devices in the IoT space, with half of all consumer routers suffering at least one important security vulnerability. In addition to routers, NAS devices and network attached printers are affected by vulnerabilities that allow a third party to illicitly take control of the device. And, given the recent developments in persistence,  it is only a matter of time until hackers gain a permanent foothold inside the smart home.

Prevention is key

In most cases, infected “things” show few signs of compromise, and early advice to IoT owners was limited to just reboot or power-cycle the device from time to time for some rudimentary “cleanup”. But now, more than ever, prevention is key.

The most important action a smart home owner can take is to ensure your devices are clear of known vulnerabilities and misconfiguration. This is very difficult to do manually -- unless you are a professional who reads vulnerability disclosure sites every day, chances are you’ll never learn about any vulnerabilities that affect your connected devices at home.

This is why automated vulnerability assessment technologies running on security hubs for the smart home are now a must-have. It helps you stay in the know whenever one of your devices (router included) has security issues or is poorly secured, and it helps you take reparatory action. If a newer firmware version is available for the affected device, install it. If it isn’t, ask your vendor to provide one. And, ultimately, if the vendor refuses to help, you at least know it’s time to get a device from a vendor that takes security seriously.

Fully fledged security solutions for IoT devices such as the Bitdefender BOX have arrived on the market in the past few years, and have quickly become the recommended way to secure smart things. The Bitdefender BOX, for instance, features several security layers that complement the Vulnerability Assessment feature to make sure your smart stronghold does not get compromised. The high-performance hardware doesn’t just move your packets across the network – it also allows for anomaly detection, traffic filtering and visibility into the vulnerable devices on your premises.

But even if you don’t have a Bitdefender BOX security hub at home, there is an additional way to check your home devices for vulnerabilities for free. All it takes is a Windows PC and the free Home Scanner application that lets you sweep your devices — particularly your router — for vulnerabilities you don’t know about.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags botnetsvpnDDoS attacksDDos Protection serviceIoTvunerability

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

IDG Online Staff

PC World
Show Comments

Father’s Day Gift Guide

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?