The zombie apocalypse is a bread-and-butter theme in many sci-fi films and even games. To be overrun by uncontrolled hordes of zombies from all directions, with no place to hide or protect oneself, is a very fearful situation. The good thing is that zombies are fiction, isn’t it? Unfortunately, that is only partly true when we talk about computers and devices connected to the Internet. There is such a thing as a “zombie” computer: a regular PC, server, smartphone, tablet or IoT device that operates as normal, yet unknown to its owner is also living a double life. Zombie computers are members of a massive fleet of devices belonging to a botnet. A botnet is a group of Internet-connected devices under the control of malware, receiving commands and instructions directly from a hacker group.
A massive botnet is the primary instrument for pulling off a successful DDoS (Distributed Denial of Service) attack, a technique of overloading a web server with more requests than it can accommodate. Under a DDoS attack the server stops servicing legitimate customers, as it becomes too busy servicing dummy requests from botnet members. As much as 100 gigabytes per second of traffic per DDoS attack has been very common since last year, 2018. Unfortunately, even though desktop operating systems such as Windows, MacOS and Linux have greatly improved their security capabilities over the last 10 years, the introduction of smartphones and IoT devices greatly increases the potential growth of botnets. Windows used to be the common target of botnets, as there are billions of Windows computers operating at any given time, and hundreds of millions of them remain unpatched by their owners. Unpatched operating systems are easier to infect, and machines operating on a 24/7 basis in a firm are great candidates for contributing to the goals of a botnet.
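The traffic pattern described above, a burst of requests spread across many source addresses at once, is what a defender looks for when telling a botnet-driven flood apart from one noisy client. The following detector is an added example, not code from the original article: it parses access-log lines in the common Apache/nginx layout (an assumed format), buckets requests by the second they arrived in, and flags seconds whose volume comes from many distinct sources. The log lines, IP addresses, timestamps and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic). Second :36 holds a burst from six
# distinct addresses, second :37 a burst from a single address, second :38 is quiet.
SAMPLE_LOG = """\
198.51.100.11 - - [10/Oct/2019:13:55:36 +0000] "GET / HTTP/1.1" 200 612
198.51.100.12 - - [10/Oct/2019:13:55:36 +0000] "GET / HTTP/1.1" 200 612
198.51.100.13 - - [10/Oct/2019:13:55:36 +0000] "GET / HTTP/1.1" 200 612
203.0.113.21 - - [10/Oct/2019:13:55:36 +0000] "GET / HTTP/1.1" 200 612
203.0.113.22 - - [10/Oct/2019:13:55:36 +0000] "GET / HTTP/1.1" 200 612
203.0.113.23 - - [10/Oct/2019:13:55:36 +0000] "GET / HTTP/1.1" 200 612
192.0.2.5 - - [10/Oct/2019:13:55:37 +0000] "GET /search?q=a HTTP/1.1" 200 3021
192.0.2.5 - - [10/Oct/2019:13:55:37 +0000] "GET /search?q=b HTTP/1.1" 200 3021
192.0.2.5 - - [10/Oct/2019:13:55:37 +0000] "GET /search?q=c HTTP/1.1" 200 3021
192.0.2.5 - - [10/Oct/2019:13:55:37 +0000] "GET /search?q=d HTTP/1.1" 200 3021
192.0.2.5 - - [10/Oct/2019:13:55:37 +0000] "GET /search?q=e HTTP/1.1" 200 3021
192.0.2.5 - - [10/Oct/2019:13:55:37 +0000] "GET /search?q=f HTTP/1.1" 200 3021
192.0.2.9 - - [10/Oct/2019:13:55:38 +0000] "GET /about.html HTTP/1.1" 200 1204
"""

# Layout of the "common" access-log line; assumed for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, source_ip) for one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    return ts, m.group("ip")


def requests_per_second(lines):
    """Group the source IPs of all parseable lines by the second they arrived in."""
    buckets = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines instead of aborting the scan
        ts, ip = parsed
        buckets[ts.replace(microsecond=0)].append(ip)
    return buckets


def find_floods(lines, min_requests=6, min_sources=5):
    """Report every second whose request count reaches min_requests.

    A burst spread over at least min_sources distinct IPs is marked distributed,
    the botnet-like shape; a burst from fewer sources is a single-source flood
    that ordinary per-IP rate limiting would already contain.
    """
    findings = []
    for second, ips in sorted(requests_per_second(lines).items()):
        if len(ips) < min_requests:
            continue
        distinct = len(set(ips))
        findings.append({
            "second": second.isoformat(),
            "requests": len(ips),
            "sources": distinct,
            "distributed": distinct >= min_sources,
        })
    return findings


if __name__ == "__main__":
    for f in find_floods(SAMPLE_LOG.splitlines()):
        kind = "distributed burst" if f["distributed"] else "single-source burst"
        print(f"{f['second']}: {f['requests']} requests from {f['sources']} sources -> {kind}")
```

The thresholds are deliberately tiny so the constructed sample trips them; against a real server they would be set from a baseline of normal traffic, and the distinct-source count is the signal that separates a distributed flood, which per-client rate limiting cannot stop, from one misbehaving client.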
Microsoft, Apple and dozens of Linux distributions have built good-enough package update systems that let machines download the necessary updates as they become available. This closes the gap between the date a security bug is discovered and the date the same bug is patched with an update. In the case of smartphones and IoT, it is a completely different story. Apple, through its tight hardware-software integration on iOS devices, makes updates available as soon as they are released; Android is a different matter. Only Google’s own Pixel and Android Go (formerly Android One) devices have an immediate update cycle similar to iOS, while the rest of the devices under the Android umbrella take a long time to get updated. Non-Google Android device updates are at the mercy of each individual Android hardware vendor. Hardware manufacturers prefer to sell new phones with a new Android version to their customers rather than spend on updates for the devices they have already sold. Hence, hundreds of millions of devices on the Android platform are running vulnerable versions of Android, and it only takes one wrong sideloaded app to make these devices part of a botnet.
DDoS botnet membership is growing by leaps and bounds in the IoT space as well. IoT (Internet-of-Things) devices are ordinary household and corporate appliances with an Internet connection and a simple SoC (System-on-a-Chip). By design these devices cannot host a complex operating system, let alone an antimalware program within it. As such, they are fully vulnerable to malware infection, which can easily make them members of DDoS botnets without resistance. The homes and firms that host an IoT device are on the cutting edge of the technological roll-out, as the IoT industry is still in its infancy and standards are not yet fully set. There are a couple of primary platforms competing for supremacy in IoT devices, Microsoft’s Azure Sphere and Google’s Android Things. Just like the infancy of the PC platform in the ’80s, it will take a while for IoT to shape up and reach some semblance of standardization. The only alternative is to run these devices either fully air-gapped (not connected to the Internet) or behind a NAT (or a hardware firewall, if one is available).