The botnets are coming!

According to cybersecurity firm IID, Chinese and Eastern European hackers are likely to take control of millions of new devices connected to the Internet of Things, and create a botnet army out them for various nefarious purposes.

IoT Botnets Will Be Major Problem By 2017: IID

No, this is not the script for a new Terminator or James Bond movie, this is the projection of a major, well-regarded internet security organization. IID argues that there is simply no way that cybersecurity will be able to keep up with the rapidly evolving hacking threats over the next few years, and that it is pretty much inevitable that Black Hat Hackers will gain control of large botnet armies and undertake criminal activities.

More on armies of IoT botnets

A botnet is a group of computers that have been infected with malware controlled by cybercriminals to launch mass attacks without the knowledge of their owners.

A recent IID report highlights that botnets can range from just few hundred to millions of enslaved machines, and after being hijacked by cybercriminals they are used to execute network-based attacks (typically Distributed Denial of Service attacks) against businesses or individuals with these bots overwhelming networks with traffic. They can also be used to redirect users to commercial content to produce revenue, basically marketing or affiliate fraud (e.g. pay-per-click fraud). Finally, these botnets can also be directed to spy on the owners of devices for extortion or blackmail.

“The increasingly advanced technical capabilities of IoT devices such as autonomous consumer-grade drones and smart appliances will not be able to keep pace with security and privacy requirements. This will drive large-scale compromises of IoT devices,” IID Vice President of Threat Intelligence Sean Tierney explained. “As these devices are used to attack other networks or for retaliatory attacks, it will eventually lead to the ‘Battle of the Botnet’ for domination of IoT.”

Custom website domains likely to go bankrupt

The Internet Corporation for Assigned Names and Numbers manages the Domain Name System, and ICANN began giving out hundreds of new gTLDs domain names in 2013 These gTLDs range from “.apartments” to “.doctor” to “.dentist” to “.health” to “.porn”. IID, however, says that many of these TLDs, and the websites and other services that rely on them, could disappear by 2017 as adoption has been much less than projected.

In fact, IID is projecting a number of domain registry failures as a result of the low popularity of gTLDs. “Most new gTLDs have failed to take off and many have already been riddled with so many fraudulent and junk registrations that they are being blocked wholesale,” explained IID President and Chief Technology Officer Rod Rasmussen. “This will eventually cause ripple effects on the entire domain registration ecosystem, including consolidation and mass consumer confusion as unprofitable TLDs are dropped by their sponsoring registries.”

It is a big deal when a domain registry “fails”. When a domain registry goes down, all of the websites, email or other services associated with it also go down, meaning the owners must make new arrangements. The IID report notes there is a program for support of struggling registry operations until a solvent registry or another organization buys them in auction and relaunches.

The key question here, of course, is who is going to risk an investment in underperforming TLDs? Moreover, according to IID, the number of failures could bed in the hundreds by 2018. “That’s why eventually some are going to just plain go dark,” Rasmussen commented.

China to overtake Russia as global hacking capital

A final projection from IID is that the struggles in the Chinese economy are likely to lead to rapid growth of organized cybercriminal enterprises in China. IID anticipates these “persistent criminal enterprises” will rival and even overtake Russian / Eastern European organized cybercrime in scope, size and complexity by the end of 2017.

Going out on a limb, the IID report also anticipates that the current Russian – Chinese Cyber Alliance will fall apart by 2019, as the aggressive new Chinese cybercriminal organizations begin targeting Eastern European citizens, companies and rival cybercrime organizations, and then laundering and hiding the stolen money into China. This kind of activity would undermine Russia’s original intent behind the alliance (to form stronger ties with China due to weak relations with the U.S.) and probably lead to the agreement being scrapped.