Over the past few years, we have seen the development of predictive software using artificial intelligence techniques. The latest advances in these sorts of tools employ swarm technology to use massive databases of expert knowledge, comprising billions of constantly updated bits of data, to make accurate predictions. Such systems can be used to offer advice, make medical diagnoses or increase trading profitability on the stock exchange. This sort of predictive analysis represents an entirely new paradigm for how computing resources will be used to transform our world.
So, what does this have to do with IoT? Over the past year we have seen the development and deployment of massive IoT-based botnets, such as Mirai or the currently emerging Reaper system, built around millions of compromised IoT devices. These weaponized botnets have been used as blunt force tools to knock out devices, networks or even huge segments of the internet.
Based on developments we are seeing in places like the dark web, we predict that cybercriminals will begin to upgrade IoT-based botnets with swarm-based technology to create more effective attacks. If you think about it, traditional botnets are mindless slaves — they wait for commands from the bot herder (master) in order to execute an attack. But what if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems, or simultaneously target multiple vulnerability points in a network using a variety of penetration and exploit techniques?
The result would be a Hivenet instead of a botnet. Such a tool can use peer-based self-learning to effectively target vulnerable systems at an unprecedented scale. Hivenets will be able to use swarms of compromised devices, or swarmbots, to simultaneously identify and tackle different attack vectors. Hivenets are especially dangerous because, unlike traditional botnet zombies, individual swarmbots are smart. They are able to talk to each other, take action based on shared local intelligence, use swarm intelligence to act on commands without the botnet herder instructing them to do so, and recruit and train new members of the hive. As a result, as a Hivenet identifies and compromises more devices it will be able to grow exponentially, and thereby widen its ability to simultaneously attack multiple victims.
While IoT-based attacks such as Mirai or Reaper are not using swarm technology yet, they already have the footprint necessary. Reaper is especially concerning because it uses a Lua engine with additional Lua scripts. Lua is an embeddable scripting language designed to let scripts run inside a host program, which enables an attacker to switch from one attack to another fairly easily. Upgrading this sort of code to use emerging swarm behaviors and AI would have devastating consequences.
Responding to a swarm outbreak
There is currently very little that can be done to effectively fight off such an attack. Traditional security tools allow organizations to simultaneously fend off a single or even several attackers. But a swarm is a completely different sort of challenge. In many cases, especially sustained multiple distributed denial-of-service attacks, there’s simply not enough mitigation capacity. Even today, with all of our advances in technology, when a swarm of killer bees is headed your way the best solution is to simply run away.
Protecting networks and services, including critical infrastructure, from a swarm attack will require a systematic approach based on identifying potential attack vectors and engineering vulnerabilities out of a network. Simply building in things like redundancy, automated backups and distributed network segmentation can go a long way towards effectively mitigating the impact of such attacks.
Make no mistake. Cybercriminals are organized, well-funded, resourceful and highly motivated. They are developing and deploying advanced malware, using cloud-based computing resources and developing cutting-edge tools based on AI and machine learning to not only circumvent advanced security defenses, but to also widen the scope and scale of their attacks.
In part two of this article, I will explore the most effective responses to IoT-based Hivenets, including the development of “expert systems” as the next critical response to advancements in malware and cybercriminal technologies.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.