Patch new IoT devices fast, researchers warn, or they’ll be in a botnet

For some time threat actors who create Internet of Things-based botnets have been relying on brute force attacks to take control of and build chains of devices for delivering malware or distributed denial of service attacks.

But according to a report out today from Netscout, as more secure IoT devices are being installed hackers are also adding a new takeover strategy: Exploiting vulnerabilities in the devices.

“In November our honeypot observed several older IoT vulnerabilities being used as a means to deliver malware,” says researchers in a blog. “Our data indicates it takes less than one day before a new IoT device is hit with exploitation attempts against known vulnerabilities.”

By comparison, it can take as little as five minutes after an IoT device is connected to the Internet and it will be subjected to  brute force login attempts using default IoT credentials. Still, vulnerability attacks can pay off becuase of the difficulties and slow cadence of patching IoT devices.

One factor that helps attackers is that IoT devices often sit on a distributor’s shelf for a while before being sold and installed on a network, say researchers. If a security update is released for the device it won’t be applied until the patch team updates it — assuming it is updated.

As evidenced the blog notes that in November its honeypot detected a number of attempts to exploit older IoT vulnerabilities to deliver variants of the Mirai botnet to devices.

“As the rate of patching IoT devices is done at a glacial pace, these older vulnerabilities are still leveraged by IoT botnets due to their level of success,” say researchers. “The continued use of these tried and true vulnerabilities highlights “what is old is new” when it comes to IoT botnets.”

Due to the sheer number of IoT devices connected to the internet, finding vulnerable devices is easy and quick. Add to the mix the large delta of when a vulnerable device is “turned on” and when updates for security vulnerabilities are applied, and attackers can quickly amass large botnets. In most cases these botnets are immediately conscripted into a DDoS army. It doesn’t take a significant amount of effort to create a large IoT botnet and create havoc, as we saw with the DDoS attacks conducted by Mirai in 2016.


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows...

Unlocking Transformation: IoT and Generative AI Powered by Cloud

Amidst economic fluctuations and disruptive forces, Canadian businesses are steering through uncharted waters. To...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now