The Rise of the Botnets – don’t be a victim

The UK National Trading Standards agency (NTS) have released a report detailing the risks to consumers around the new trend for smart and connected devices around the house. Connectivity is becoming more prevalent in many everyday devices, for example TVs, fridges, lights, thermostats and voice-activated home assistants. These devices are often referred to as the Internet of Things, or IoT.

The report highlights that as more devices are connected, the opportunities for criminals to attack them (aka the attack surface) increase.

But the risk of poor security on these devices is not limited to the theft of your own data or other localised effects – these internet-enabled devices are also being used as pawns in a much larger-scale type of attack. The Mirai malware, which appeared in late 2016, infected insecure IoT devices and enlisted them in a botnet to launch DDoS attacks against many high-profile targets. One of the victims was a large internet infrastructure company in the US; the attack took down internet access for millions of people and the websites of some major corporations. More recently (Oct ’17), another strain of IoT malware called Reaper or IoT Troop has been detected, which uses some of the code from Mirai, but with additional sophisticated methods built in – techniques which could allow it to amass a botnet larger even than Mirai.

The EU Agency for Network and Information Security (ENISA) have been working with industry to agree a common position on cybersecurity for these connected devices. They published a paper which focuses on four main areas to baseline and improve security: standardisation & certification; security processes & services; security requirements & implementation; and the economic dimensions. Their hope is that this new framework will provide guidance to manufacturers on building security into these devices by default. It should also give consumers confidence and an easy way to compare the security levels of their prospective new devices.

This increase in the attack surface is not only an issue for the public as consumers – the increase in smart and connected devices is also being seen in the industrial domain. There is a clear trend in many industrial sectors to enhance visibility and efficiency in operations by deploying multiple network-enabled devices to gain additional insight into their processes. These devices are often referred to as the Industrial Internet of Things (IIoT).

Wireless sensors can now be added to a plant in a much more cost-effective manner than traditional wired instrumentation. This allows additional data to be captured that was perhaps only infrequently gathered before by an employee armed with a clipboard. Also, a wealth of additional health and diagnostic data can be gathered from smart instrumentation, which can enable plant managers to schedule planned maintenance rather than wait for a device failure and have an unplanned stoppage whilst a fix is made.

Additional connectivity can also benefit plant engineers. For example, if a Wi-Fi wireless network is deployed on plant, then significant time and efficiency savings can be made by viewing and responding to the control system HMI directly in the field rather than having to return to the control room, particularly when commissioning new equipment or during time-sensitive plant turn-arounds.

A wireless network can also be used to provide support from a remote expert via voice & video link directly to an operator in the field.

While wireless can be a secure technology for use on a plant, careful design is needed to ensure that factors such as appropriate segregation and authentication methods are in place.

Regency ITC have a team of expert ICS cyber security consultants with an array of experience gained from backgrounds in engineering and control system design, and offer vendor-neutral advice and guidance aimed at reducing the risk to your plant when using IIoT devices.

If you would like to develop a deeper understanding of how cyber-attacks could impact on your Operational Technology systems, contact us on 01242 225699 or email us at