Botnets and the Internet of Things (IoT)

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Botnets and the Internet of Things (IoT)

An advanced type of attack mechanism is a botnet, which consists of computers and devices that are infected with software such as those used in DDoS attacks. When enough of these systems are infected to reach a critical mass, they can be used to do tremendous damage. Botnets can stretch from one side of the globe to another and be used to attack a system or carry out a number of other tasks.

In recent years, more and more devices, appliances, vehicles, and other objects of many types have included network communication hardware and software that allow them to connect to networks. These newly network capable devices are collectively known as the Internet of Things (IoT). Today, it isn’t uncommon for new vehicles, refrigerators, doorbells, home weather stations, and many other devices to be network capable. This means each of these devices contains a computer and network interface. Once connected to a network, and often the Internet, each of these devices becomes a possible DDoS attack source. Attackers know that most IoT devices have little or no security controls configured. Most of these devices are purchased by consumers with virtually no security training or awareness. As the IoT grows, so will the number of potential bots for future attacks.

Botnets can perform several attacks, including:

DDoS attacks—This construct makes sense as an attack method based on the way a DDoS works and the number of systems that can be infected.
Sending—Botnets have been used to transmit spam and other bogus information on behalf of their owner.
Stealing information—Attacks have also been carried out with botnets to steal information from unsuspecting users’ systems.
Click fraud—This attack is where the attackers infect a large number of systems with the idea that they will use the infected systems to click on ads on their behalf, generating revenue for themselves.

A “bot” is a type of malware that allows an attacker to take control of an affected computer or device. The term can also refer to the computer or device that is infected. Also known as “web robots,” bots are usually part of a network of infected devices known as a “botnet,” which is typically made up of victims’ computers and devices that stretch across the globe.

CHAPTER SUMMARY

This chapter focused on three types of network attacks: sniffing, session hijacking, and DoS attacks. Each of these attacks represents a powerful weapon in the hands of a skilled attacker.

Sniffing is the process of capturing and analyzing traffic in an effort to observe information that is confidential. Sniffing can be performed on just about any network, but the technique may require that you adapt it based on how the network operates. In networks with a hub, you can easily sniff using any packet sniffer process. It’s a different story with switched networks, however. The switch prevents you from seeing what is on a different collision domain. On networks where switching is used, you will have to use techniques such as MAC flooding and ARP spoofing to bypass the switch before sniffing.

Moving beyond or building upon the techniques that were introduced in sniffing is the session hijack, which is an aggressive and powerful weapon in the hacker’s arsenal. A session hijack takes over an existing authenticated session and uses it to monitor or manipulate the traffic and even execute commands on a system remotely. Session hijacking in its most advanced stages directly affects and attacks the integrity of information in an organization. Attackers using this technique can modify information at will because they have the credentials of the victim and whatever the victim has access to.

DoS attacks were discussed, and you learned how these attacks are used to shut down and deny legitimate access to and usage of services to users. A DoS attack targets a service or system to prevent it from being used for legitimate purposes for as long as the attacker wishes. Under the right conditions, a DoS directly attacks the confidentiality and integrity of data that users have been granted the right to use. Because DoS attacks can expose the attacker, DDoS attacks and botnets were introduced to explain how attackers can leverage multiple systems and hide their identities.

CHAPTER 11 ASSESSMENT

1. A DoS attack is meant to deny a service from legitimate usage.
1. A. True
2. B. False
2. Sniffers can be used to:
1. A. Decrypt information
2. B. Capture information
3. C. Hijack communications
4. D. Enforce security
3. Session hijacking is used to capture traffic.
1. A. True
2. B. False
4. Session hijacking is used to take over an authenticated session.
1. A. True
2. B. False
5. Active sniffing is used when switches are present.
1. A. True
2. B. False
6. ________ is used to overwhelm a service.
7. ________ is used to flood a switch with bogus MAC addresses.
8. ________ is used to fake a MAC address.
1. A. Spoofing
2. B. Flooding
3. C. Poisoning
4. D. Hijacking
9. What type of device can have its memory filled up when MAC flooding is used?
1. A. Hub
2. B. Switch
3. C. Router
4. D. Gateway
10. What technique is used when traffic is captured on a network with hubs?
1. A. Active sniffing
2. B. Passive sniffing
3. C. MAC flooding
4. D. Ether flooding

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Botnets and the Internet of Things (IoT)

Create new playlist

Sign In

Sign Up

Table of Contents for
Botnets and the Internet of Things (IoT)