Check out all the on-demand sessions from the Intelligent Security Summit here.
Many of us have seen this scene in so many zombie movies: A howling horde advances on the outpost in the form of one roaring, crawling pile of plagued flesh. “There’s too many of ‘em! Fall back!..” Gunfire, now stuttering and distant. A crazed staccato of the last survivor’s hectic run-for-it… Then, finally, silence.
Mēris (Latvian for “plague”), a modified version of the infamous Mirai botnet, brought some 250,000 “zombies,” or compromised devices, to the party last summer, and the assault they put up would have put the above scene to shame. According to researchers, the botnet was able to throw as many as 21.8 million requests per second at its victims, crashing their overloaded servers in a major Decentralized Denial-of-Service (DDoS) attack.
DDoS attacks soared by 37% in 2021, according to a recent report. Botnets made up of hacked Internet of Things (IoT) devices are a major attack vector. And the truth is, this is only the beginning. Some of the processes unraveling on today’s tech scene could play into the hackers’ hands and set the stage for attacks of a whole new volume.
Ever since Facebook’s parent company changed its name to Meta, entire segments of the tech scene have been abuzz with chatter about the metaverse, a VR/AR-fused amalgamation of the real and virtual worlds. In practical terms, at least for now, it means wearing a funny-looking helmet on your head while in a business meeting with animated 3D cartoons of your investors.
GamesBeat Summit: Into the Metaverse 3
Join the GamesBeat community online, February 1-2, to examine the findings and emerging trends within the metaverse.
In even more practical terms, this means more connected devices everywhere, both on corporate grounds and at home. The bare minimum for conducting your business through the metaverse — that is, Zoom — requires just two smartphones, but there’s a reason why the conference camera market recently exploded. You want a crisp picture and a good sound on your calls, so you get the smart equipment that can deliver. Safety is also a must, so a few body-heat sensors would come in handy as well, and motion sensors, too, to prevent overcrowding. Link all that with a data platform to aggregate the sensor feed and build a comprehensive management solution, and you are in the green.
Transforming an office, a manufacturing site, a power plant or any other business or industrial facility into a metaverse hub is, for now, a very distant prospect. It’s likely, though, that it would mean bringing in a whole lot of connected devices. Headsets, which are yet to become ubiquitous; sensor-outfitted wearables for better VR/AR controls; and wall-mounted sensors all have to be part of the picture if we are no longer content with experiencing the digital world on a regular screen. Even before the metaverse dream took hold, the IoT device market was soaring, and the metaverse’s advent would only kick the process into a higher gear.
Now, the bad news. We may want to cool our heads a bit and take a deep breath before going on a metaverse-induced IoT shopping spree because all too often, we can’t even properly protect the devices already on-site.
Ghosts in the machine
The IoT market has a major security problem. Poor management of connected devices ranked first on the list of IT professionals’ security concerns in a recent survey. Rightfully so, it seems, as just in the six months from January to June 2021, hackers managed to compromise some 1.5 billion IoT devices, a massive uptick from 2020. Some of these hacks can amount to nothing but an innocuous joke, but others result in actual data loss and associated expenses. And the latter are the ones that companies often prefer staying quiet about, so there’s a certain fog of war in play here.
Even from what we know, though, a successful attack routed through or aimed at a connected device can lead to severe damage. It can bring power grids down, shutter assembly lines, or offer the attackers a cozy view of the target’s inner workings through the eyes of hijacked cameras.
By the same account, the proliferation of potentially vulnerable devices likely means that we will see even more massive botnets in the future. Their ability to bring down websites and web services is already troublesome enough in a world where the SaaS model is shaping up as the dominant one in the software market. If your clients need to connect to your server, whether your own or on-cloud, to use your services, an attack that strikes it down takes aim at the very core of your business.
Furthermore, botnets can do more than spam connection requests at whatever target their overlords happen to dislike. A botnet can work to disseminate malware, which makes it a power multiplier in a larger attack. It can pull in sensitive data from its army of zombified devices for espionage or blackmail, or as an intelligence collection tool for a targeted phishing attempt. There are even more exotic options for savvy hackers to try their hand at, such as meddling with the power supply in a specific network, which is potentially deadly in harsh winter conditions.
The push for the metaverse, should it ever bear fruit, will not in itself create a fertile ground for the rise of the largest botnet ever, as this trend has already been long in the making. Without due precaution and security protocols in mind, though, it could be the final nudge that sets a roaring avalanche in motion — so we’d better start preparing to fight off those zombie hordes now.
Brad Yasar is the Founder and CEO of EQIFi.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!
Read More From DataDecisionMakers