IoT will create unmanageable botnet risk, says Juniper
Juniper Research predicts million-plus IoT device botnets will be deployed by cybercriminals
The growth of the Internet of Things brings with it a risk of "unmanageable" botnet attacks, according to analyst company Juniper Research.
Juniper said that the rise in the number of IoT connected devices, predicted to reach over 15 billion consumer IoT devices alone by 2021, will lead to million device botnets that will be widely used by cyber criminals.
In total, the IoT will total over 46 billion devices by 2021, Juniper noted in its latest report, ‘The Internet of Things for Security Providers'.
IoT devices have already been hijacked for use in botnets, notably the Mirai botnet, used to attack Domain Name Server provider Dyn last year, which generated volumes of traffic reportedly reaching 1.2 Tbps.
Such attacks could be just the "tip of the cyber security iceberg", Juniper warned, with IoT botnets likely to be used for more malicious purposes than just disruption of internet services.
Research author Steffen Sorrell said: "Attacks such as those on Dyn last October can be viewed as proof of concepts. In the medium-term, botnets will be used far more creatively - not only to disrupt services, but also to create a distraction enabling multi-pronged attacks aimed at data theft or physical asset disruption."
The research called on IoT device manufacturers to ‘take responsibility' by implementing security-by-design, adding that corporate-scale vendors such as Amazon, Google and Samsung should lead efforts to galvanise other vendors to apply security best-practices.
Additionally, the research found that the security threat landscape is widening. IoT DDoS (distributed denial-of-service) ‘botnet' attacks have become infamous in 2016, although in the medium-term, personal data theft, corporate data theft and physical asset damage will be the primary goals for IoT hackers.
It was found that enterprise and industry are investing heavily in security for the IoT, driven in part by the realisation of the total lack of security in industrial systems, and the need to establish trust in IoT.
The consumer market landscape however is "woeful", Juniper said, with lax attitudes towards security from across the spectrum. Lack of confidence in IoT security is likely to hold up the adoption of consumer IoT, and many smaller players with high levels of competition and small margins will lack the ability to fund security development and maintenance. This will place the onus on larger players to drive the focus on IoT security. Regulatory, corporate and media collaboration would also be needed in order to improve the overall threat landscape, Juniper said.