BOTNETS AND THEIR THREAT TO THE IOT
WHAT IS A BOT
• An Internet bot, also known as web robot, WWW robot or simply bot, is a software
application that runs automated tasks (scripts) over the Internet.
• Typically, bots perform tasks that are both
simple and structurally repetitive, at a much
higher rate than would be possible for a
human alone.
• The largest use of bots is in web spidering (web crawler), in which an automated script
fetches, analyzes and files information from web servers at many times the speed of a
human
BOTNET EXPLAINED
• A botnet is a collection of internet-connected devices, which may include PCs, servers,
mobile devices and internet of things devices that are infected and controlled by a
common type of malware. Users are often unaware of a botnet infecting their system.
• The word "botnet" is a combination of the words "robot" and "network".
• A botnet is a logical collection of internet-connected devices such as
computers, smartphones or IoT devices whose security has been breached and control
ceded to a third party. Each such compromised device is known as a "bot".
• Botnet infections are usually spread through malware, such as a Trojan horse.
• Botnet malware is typically designed to automatically scan systems and devices for
common vulnerabilities that haven't been patched, in hopes of infecting as many
devices as possible. Botnet malware may also scan for ineffective or outdated security
products, such as firewalls or antivirus software.
BOTNET ARCHITECTURE
The botnet architecture can be classified into two types:
• Traditional client/server
• Peer-to-peer
The traditional client/server approach involves setting up
a command-and-control (C&C) server and sending automated
commands to infected botnet clients through a communications
protocol, such as internet relay chat (IRC).
The bots are often programmed to remain dormant and await
commands from the C&C server before initiating any malicious
activities
Simple to deploy, cheap, short latency for large scale attacks
Easiest to eliminate
COMMAND & CONTROL ARCHITECTURE
PEER-TO-PEER ARCHITECTURE
• This approach to controlling the
infected bots involves a peer-to-peer
network.
• Instead of using C&C servers, a
peer-to-peer botnet relies on a
decentralized approach.
• Infected devices may be programmed
to scan for malicious websites, or
even for other devices in the same
botnet. The bots can then share
updated commands or the latest
versions of the botnet malware.
• Difficult to eliminate
THE BOTNET MEETS IOT
• Among the fastest growing and most nefarious bots are those
that exploit Internet of Things (IoT) devices as weapons of
attack.
• By 2016, the number of connected things was nearly
double the number of connected users, and the volume of
connected devices grows much more quickly than the
Internet population. Depending on which source is consulted, the
number of IoT units installed could reach
as many as 20 billion by 2020.
WHY BOTNETS LIKE INTERNET OF THINGS
• Stripped-down OS: These devices often run on the Linux operating system—but use
an embedded or stripped-down version that is comparatively easy to compromise with
malware.
• Unfettered access: When “things” are Internet accessible, their access is usually
unfettered by filtering or limitations on bandwidth.
• Lack of basic security: With their barebones OS and processing power, these devices
simply don’t have enough capacity for standard security capabilities like auditing. The
result? Device owners won’t even notice most compromises.
• Reused components: Device manufacturers often reuse portions of hardware and
software in various devices. Though intended to save engineering time, this practice
also results in default passwords and vulnerabilities being shared across not just device
classes, but also manufacturers.
Let's look into botnets
that changed the way we see the IoT
• Zeus
• Srizbi
• Gameover Zeus
• Methbot
• Mirai
• BRICKERBOT: THE VIGILANTE
ZEUS
• Zeus, ZeuS, or Zbot is a package that runs on
versions of Microsoft Windows. While it can be used
to carry out many malicious and criminal tasks, it is
often used to steal banking information by
man-in-the-browser keystroke logging and form grabbing.
• Zeus is the first botnet to infect vulnerable devices
and systems, and variants of this malware have been
used to spread CryptoLocker ransomware.
• Zeus, or Zbot, was used to harvest banking
credentials and financial information from users of
infected devices
SRIZBI
• The Srizbi botnet, which was first discovered in 2007,
was, for a time, the largest botnet in the world
• Srizbi, also known as the Ron Paul spam botnet, was
responsible for a massive amount of email spam --
as much as 60 billion messages a day, accounting for
roughly half of all email spam on the internet at the
time
• The botnet used a Trojan to infect users' computers,
which were then used to send out spam. Experts
estimated that the Srizbi botnet included
approximately 450,000 infected systems.
GAMEOVER ZEUS
• Approximately a year after the original Zeus botnet
was disrupted, a new version of the Zeus malware
emerged, known as Gameover Zeus
• Instead of relying on a traditional, centralized C&C
operation to control bots, Gameover Zeus used a
peer-to-peer network approach, which initially made
the botnet harder for law enforcement and security
vendors to pinpoint and disrupt. Infected bots used
the domains to communicate
• The Gameover Zeus botnet would generate domain
names to serve as communication points for infected
bots. An infected device would randomly select
domains until it reached an active domain that was
able to issue new commands
• Gameover Zeus came back with more
ransomware
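The domain-generation behaviour described above leaves a trace in resolver logs: one client fails a run of random-looking lookups, then one of them resolves. The following Python sketch is an added example, not part of the original slides, that flags this pattern; the log format, the .example names and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<epoch> <client> <qname> <rcode>".
SAMPLE_DNS_LOG = """\
1700000000 10.0.0.23 qzxkvbwpmtrjdhfy.example NXDOMAIN
1700000005 10.0.0.31 www.example.com NOERROR
1700000010 10.0.0.23 hdjwqkzmxnvbtrpl.example NXDOMAIN
1700000015 10.0.0.40 d3k9x7qpz2mvb8wt.example NOERROR
1700000020 10.0.0.23 mvbxzqwkjhgfdtrp.example NXDOMAIN
1700000025 10.0.0.31 exmaple.com NXDOMAIN
1700000030 10.0.0.23 tkwzqxjvbnmhgfdp.example NXDOMAIN
1700000040 10.0.0.23 xjqzkwvbphmtgdfr.example NXDOMAIN
1700000050 10.0.0.23 wqzjxkvhbnmptdfg.example NOERROR
"""


def shannon_entropy(label):
    """Bits per character; random labels score higher than dictionary words."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def candidate_label(qname):
    """Label left of the TLD. Simplification: ignores multi-part public suffixes."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(qname, min_len=12, min_entropy=3.5):
    label = candidate_label(qname)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def find_dga_clients(log_text, window=300, min_failures=5):
    """Return {client: {"failed": [qnames], "rendezvous": qname or None}}.

    A client is flagged once it has min_failures distinct random-looking
    NXDOMAIN lookups within `window` seconds. The first random-looking name
    that resolves afterwards is recorded as the likely active domain.
    """
    failures = defaultdict(list)  # client -> [(timestamp, qname)]
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode = int(fields[0]), fields[1], fields[2], fields[3]
        if not looks_generated(qname):
            continue  # ordinary names and typos are not counted
        if rcode == "NXDOMAIN":
            failures[client].append((ts, qname))
            recent = [(t, q) for t, q in failures[client] if ts - t <= window]
            failures[client] = recent
            distinct = sorted({q for _, q in recent})
            if len(distinct) >= min_failures:
                entry = findings.setdefault(
                    client, {"failed": [], "rendezvous": None})
                entry["failed"] = distinct
        elif rcode == "NOERROR" and client in findings:
            if findings[client]["rendezvous"] is None:
                findings[client]["rendezvous"] = qname
    return findings


if __name__ == "__main__":
    for client, info in find_dga_clients(SAMPLE_DNS_LOG).items():
        print(client, len(info["failed"]), "failed lookups, resolved:",
              info["rendezvous"])
```

A random-looking name that resolves for a client with no preceding failures (10.0.0.40 in the sample) is deliberately ignored, since CDN and cloud hostnames often look the same.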
METHBOT
• An extensive cybercrime operation and ad fraud
botnet known as Methbot was revealed in 2016
• Methbot was generating between $3 million and $5
million in fraudulent ad revenue daily last year by
producing fraudulent clicks for online ads, as well as
fake views of video advertisements
• The Methbot campaign is run on approximately 800 to
1,200 dedicated servers in data centers located in
both the U.S. and all over the world. The campaign's
operational infrastructure includes 6,000 spoofed
domains, and more than 850,000 dedicated IP
addresses, many of which are falsely registered
• The infected servers can produce fake clicks and
mouse movements, as well as forge social media
account logins to appear as legitimate users to fool
conventional ad fraud detection techniques
MIRAI
• The Mirai botnet is one of the first botnets to use
Internet of Things devices for
denial of service
• Mirai malware is designed to scan the internet for
insecure connected devices, while also avoiding IP
addresses belonging to major corporations, like
Hewlett-Packard, Lenovo and Motorola, and
government agencies, such as the U.S. Department
of Defense
• Once it identifies an insecure device, the malware
tries to log in with a series of common default
passwords used by manufacturers.
• If those passwords don't work, then Mirai uses
brute force attacks to guess the password. Once a
device is compromised, it connects to C&C
infrastructure and can divert varying amounts of
• Devices that have been infected are often still able to continue functioning
normally, making it difficult to detect Mirai botnet activity from a specific
device.
• For some internet of things (IoT) devices, such as digital video recorders, the
factory password is hard coded in the device's firmware, and many devices
cannot update their firmware over the internet.
• To make things worse, the creator of Mirai open-sourced the Mirai botnet
and created large-scale havoc on the IoT
• The recent ransomware attack “WannaCry” that shook the world is
also propagated by using Mirai
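Because an infected device keeps working normally, the login sweep described above is usually easier to see in authentication logs than on the device itself. The following Python sketch is an added example, not part of the original slides, that flags sources failing many telnet logins in a short window and lists any device they then logged in to; the log format, addresses, device names and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed telnet login log: "<epoch> <source> <device> <user> <result>".
SAMPLE_AUTH_LOG = """\
1700000100 203.0.113.50 cam-01 root FAIL
1700000102 203.0.113.50 cam-01 admin FAIL
1700000104 203.0.113.50 cam-01 root FAIL
1700000106 203.0.113.50 cam-01 support FAIL
1700000108 203.0.113.50 dvr-03 root FAIL
1700000109 198.51.100.7 nvr-02 admin FAIL
1700000110 203.0.113.50 dvr-03 admin FAIL
1700000112 203.0.113.50 dvr-03 root OK
1700000120 198.51.100.7 nvr-02 admin FAIL
1700000131 198.51.100.7 nvr-02 admin OK
1700000200 10.0.0.77 cam-02 root FAIL
1700000201 10.0.0.77 cam-03 root FAIL
1700000202 10.0.0.77 cam-04 root FAIL
1700000203 10.0.0.77 cam-05 root FAIL
1700000204 10.0.0.77 cam-06 root FAIL
"""


def find_login_sweeps(log_text, window=60, min_failures=5,
                      local_net="10.0.0.0/8"):
    """Return {source: {"failures": n, "compromised": [...], "internal": bool}}.

    A source is flagged once it has min_failures failed logins inside a
    sliding `window` (seconds). Any later successful login from a flagged
    source marks that device as likely compromised. An internal source that
    sweeps other devices is probably an infected device spreading further.
    """
    network = ipaddress.ip_network(local_net)
    recent = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # skip malformed lines
        ts, src, device, _user, result = (
            int(fields[0]), fields[1], fields[2], fields[3], fields[4])
        try:
            internal = ipaddress.ip_address(src) in network
        except ValueError:
            continue  # source is not an IP address
        if result == "FAIL":
            queue = recent[src]
            queue.append(ts)
            while queue and ts - queue[0] > window:
                queue.popleft()  # drop failures that fell out of the window
            if len(queue) >= min_failures:
                entry = flagged.setdefault(
                    src, {"failures": 0, "compromised": [], "internal": internal})
                entry["failures"] = max(entry["failures"], len(queue))
        elif result == "OK" and src in flagged:
            if device not in flagged[src]["compromised"]:
                flagged[src]["compromised"].append(device)
    return flagged


if __name__ == "__main__":
    for src, info in find_login_sweeps(SAMPLE_AUTH_LOG).items():
        where = "internal" if info["internal"] else "external"
        print(src, where, info["failures"], "failures, logged in to:",
              info["compromised"] or "nothing")
```

The administrator at 198.51.100.7 who mistypes a password twice and then logs in stays below the threshold and is not reported.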
BRICKERBOT
• BrickerBot finds these devices and renders them
unusable. The first version attacked about a
thousand devices and alternate versions attacked
thousands more. It disabled the devices by
formatting the internal memory.
• The devices all used a Linux package called BusyBox
and had exposed telnet-based interfaces with default
passwords. These devices were easily exploited by
the Mirai botnet, which essentially turned them into
denial-of-service weapons.
• Destroys insecure IoT devices to keep them from
taking part in DDoS botnets
• Only attacks devices already compromised by other
bots
PREVENTING BOTNET ATTACKS
• In the earlier days, a botnet could be stopped by identifying the C&C centre
(aka the botmaster), but with the increase in peer-to-peer botnets it has become difficult to terminate
botnets directly.
• Be sure to:
• Change every device’s factory default credentials.
• Disable telnet and other open ports that are not
used.
• Check and upgrade firmware often.
AND FINALLY THE END
With great power comes
great responsibility. The
Internet of Things may be a
boon to the world, but it
also takes the world into a
new game of cyber
warfare. The Internet of Things
kills the privacy of
people and, moreover, it will
make humans more lazy
and ignorant in a smarter
way unlike any other

More Related Content

Recently uploaded

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Featured

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 

Featured (20)

How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 

Botnet and it's threat to the internet of things

  • 2. WHAT IS A BOT • An Internet bot, also known as web robot, WWW robot or simply bot, is a software application that runs automated tasks (scripts) over the Internet. • Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. • The largest use of bots is in web spidering (web crawler), in which an automated script fetches, analyzes and files information from web servers at many times the speed of a human
  • 3. BOTNET EXPLAINED • A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices that are infected and controlled by a common type of malware. Users are often unaware of a botnet infecting their system. • The word "botnet" is a combination of the words "robot" and "network“ • A botnet is a logical collection of internet connected devices such computers, smartphones or IoT devices whose security has been breached and control ceded to a third party. Each such compromised device, known as a "bot"
  • 4. • Botnet infections are usually spread through malware, such as a Trojan horse. • Botnet malware is typically designed to automatically scan systems and devices for common vulnerabilities that haven't been patched, in hopes of infecting as many devices as possible. Botnet malware may also scan for ineffective or outdated security products, such as firewalls or antivirus software.
  • 5. BOTNET ARCHITECHTURE The botnet architechture can be classififed into two types • traditional client/server • Peer to peer
  • 6. The traditional client/server approach involves setting up a command-and-control (C&C) server and sending automated commands to infected botnet clients through a communications protocol, such as internet relay chat (IRC). The bots are often programmed to remain dormant and await commands from the C&C server before initiating any malicious activities Simple to deploy, cheap, short latency for large scale attacks Easiest to eliminate COMAND&CONTROL ARCHITECHTURE
  • 7. PEER-PEER ARCHITECTURE • In this approach to controlling of the infected bots involves a peer-to-peer network. • Instead of using C&C servers, a peer- to-peer botnet relies on a decentralized approach. • Infected devices may be programmed to scan for malicious websites, or even for other devices in the same botnet. The bots can then share updated commands or the latest versions of the botnet malware. • Difficult to eliminate
  • 8. THE BOTNET MEETS IOT • one of the fastest growing and nefarious bots include those that exploit Internet of Things (IoT) devices as weapons of attack • By 2016, the number of connected things was nearly double the number of connected users and the volume of Connected devices grows much more quickly than the Internet population. Depending on which source is consulted, the number of IoT units installed could reach as many as 20 billion by 2020
  • 9. WHY BOTNETS LIKE INTERNET OF THINGS • Stripped-down OS: These devices often run on the Linux operating system—but use an embedded or stripped-down version that is comparatively easy to compromise with malware. • - Unfettered access: When “things” are Internet accessible, their access is usually unfettered by filtering or limitations on bandwidth. • - Lack of basic security: With their barebones OS and processing power, these devices simply don’t have enough capacity for standard security capabilities like auditing. The result? Device owners won’t even notice most compromises. • - Reused components: Device manufacturers often reuse portions of hardware and software in various devices. Though intended to save engineering time, this practice also results in default passwords and vulnerabilities being shared across not just device classes, but also manufacturers.
  • 10. Lets look into botnets that changed the way we see the iot • Zeus • Srizbi • Gameover Zeus • Methbot • Mirai • BRICKERBOT: THE VIGILANTE
  • 11. ZEUS • Zeus, ZeuS, or Zbot is package that runs on versions of Microsoft Windows. While it can be to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in- the-browser keystroke logging and form grabbing • zeus is the first botnet to infect vulnerable devices and systems, and variants of this malware have used to spread CryptoLocker ransomware. • Zeus, or Zbot, was used to harvest banking credentials and financial information from users of infected devices
  • 12. SRIZBI • The Srizbi botnet, which was first discovered in 2007, was, for a time, the largest botnet in the world • Srizbi, also known as the Ron Paul spam botnet, was responsible for a massive amount of email spam -- as much as 60 billion messages a day, accounting for roughly half of all email spam on the internet at the time • The botnet used a Trojan to infect users' computers, which were then used to send out spam. Experts estimated that the Srizbi botnet included approximately 450,000 infected systems.
  • 13. GAMEOVER ZEUS • Approximately a year after the original Zeus botnet was disrupted, a new version of the Zeus malware emerged, known as Gameover Zeus • Instead of relying on a traditional, centralized C&C operation to control bots, Gameover Zeus used a peer-to-peer network approach, which initially made the botnet harder for law enforcement and security vendors to pinpoint and disrupt. Infected bots used the domains to communicate • The Gameover Zeus botnet would generate domain names to serve as communication points for infected bots. An infected device would randomly select domains until it reached an active domain that was able to issue new commands • Gameover Zeus came back with more ransomware
  • 14. METHBOT • An extensive cybercrime operation and ad fraud botnet known as Methbot was revealed in 2016 • Methbot was generating between $3 million and $5 million in fraudulent ad revenue daily last year by producing fraudulent clicks for online ads, as well as fake views of video advertisements • The Methbot campaign is run on approximately 800-1,200 dedicated servers in data centers located in the U.S. and all over the world. The campaign's operational infrastructure includes 6,000 spoofed domains, and more than 850,000 dedicated IP addresses, many of which are falsely registered • The infected servers can produce fake clicks and mouse movements, as well as forge social media account logins to appear as legitimate users to fool conventional ad fraud detection techniques
  • 15. MIRAI • The Mirai botnet is one of the first botnets to use Internet of Things devices for denial of service • Mirai malware is designed to scan the internet for insecure connected devices, while also avoiding IP addresses belonging to major corporations, like Hewlett-Packard, Lenovo, Motorola and government agencies, such as the U.S. Department of Defense • Once it identifies an insecure device, the malware tries to log in with a series of common default passwords used by manufacturers. • If those passwords don't work, then Mirai uses brute force attacks to guess the password. Once a device is compromised, it connects to C&C infrastructure and can divert varying amounts of
  • 16.
  • 17. • Devices that have been infected are often still able to continue functioning normally, making it difficult to detect Mirai botnet activity from a specific device. • For some internet of things (IoT) devices, such as digital video recorders, the factory password is hard coded in the device's firmware, and many devices cannot update their firmware over the internet. • To make things worse, the creator of Mirai open-sourced the Mirai botnet, which caused large-scale havoc on the IoT • The recent ransomware attack “WannaCry” that shook the world was also propagated using Mirai
  • 18. BRICKERBOT • BrickerBot finds these devices and renders them unusable. The first version attacked about a thousand devices and alternate versions attacked thousands more. It disabled the devices by formatting the internal memory. • The devices all used a Linux package called BusyBox and had exposed telnet-based interfaces with default passwords. These devices were easily exploited by the Mirai botnet, which essentially turned them into denial-of-service weapons. • Destroys insecure IoT devices to keep them from taking part in DDoS botnets • Only attacks devices already compromised by other bots
  • 19. PREVENTING BOTNET ATTACKS • In earlier days a botnet could be stopped by identifying the C&C centre (aka the botmaster), but with the increase in peer-to-peer botnets it has become difficult to terminate botnets directly • Be sure to: • Change every device’s factory default credentials.
  • 20. • Disable telnet and other open ports that are not used
  • 21. • Check and upgrade firmware often.
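The Mirai slides say infected devices keep working normally while the malware scans for other telnet devices, and the steps above say to disable telnet. This added Python example (not part of the original slides) checks flow records for both conditions: devices whose telnet is reached from outside, and devices fanning out to many telnet targets. The LAN range, port 2323, thresholds and sample flows are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}   # 23 is telnet; 2323 as an alternate port is an assumption
LAN = ipaddress.ip_network("192.168.1.0/24")   # hypothetical internal range

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
FLOWS = [
    (100, "192.168.1.20", "203.0.113.10", 443),   # camera talking to a cloud service
    (105, "198.51.100.7", "192.168.1.30", 23),    # outside host reaches the DVR's telnet
    (150, "192.168.1.5", "192.168.1.30", 23),     # admin laptop on the LAN
    (160, "192.168.1.40", "203.0.113.200", 23),   # a couple of outbound telnet sessions
    (170, "192.168.1.40", "203.0.113.201", 23),
] + [
    # The DVR contacting 40 distinct outside hosts on telnet ports within 40 seconds
    (200 + i, "192.168.1.30", f"203.0.113.{i}", 23 if i % 2 else 2323)
    for i in range(1, 41)
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in LAN

def exposed_telnet(flows):
    """Internal devices that were reached on a telnet port from outside the LAN."""
    return sorted({dst for _, src, dst, port in flows
                   if port in TELNET_PORTS and is_internal(dst) and not is_internal(src)})

def telnet_scanners(flows, window_s=60, min_targets=20):
    """Internal devices contacting many distinct outside hosts on telnet ports."""
    by_src = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if port in TELNET_PORTS and is_internal(src) and not is_internal(dst):
            by_src[src].append((ts, dst))
    peak = {}
    for src, events in by_src.items():
        left = 0
        for right, (ts, _) in enumerate(events):
            while ts - events[left][0] > window_s:   # slide the window forward
                left += 1
            targets = {d for _, d in events[left:right + 1]}
            peak[src] = max(peak.get(src, 0), len(targets))
    return {src: n for src, n in peak.items() if n >= min_targets}
```

A device that appears in both results, like the constructed DVR here, is the first one to isolate, reset and check for factory default credentials.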
  • 22. AND FINALLY THE END With great power comes great responsibility. The Internet of Things may be a boon to the world, but it also takes the world into a new game of cyber warfare. The Internet of Things kills the privacy of the people and, moreover, it will make humans more lazy and ignorant in a smarter way unlike any other