The Rise of Thingbots in the Philippines

Published November 9, 2017, 10:00 PM

Thingbots, botnets built exclusively from IoT devices, are set to become the infrastructure for a darknet future. This is one of the key findings of F5 Networks’ latest report, “Threat Analysis: The Hunt for IoT – the Rise of Thingbots,” which continues to track Telnet activity and the progression of Mirai, as well as Persirai, a new thingbot.

The report exposes how IoT devices have been, and will continue to be, one of the most highly exploitable tools in the arsenals of cyber attackers.

Cybersecurity remains a key issue in the Philippines, and even more so now with Filipinos becoming increasingly aware of cyber attacks and similar threats. In line with this, the government has committed P2 billion for the next three years to boost the country’s cybersecurity framework. The Department of Information Communication Technology, a government bureau established in 2016 to help police the Philippine internet, launched the National Cybersecurity Plan 2022 early this year.

Cybersecurity will remain a key concern in today’s ever-connected world, driven by the rise of IoT. Hackers find new ways to leverage unprotected devices to launch cyber attacks. The reality remains: our world of unsecured devices is the new playground for hackers, and according to F5 Networks’ latest report, this is not going to change (until IoT manufacturers are forced to secure these devices), as IoT devices are becoming the “cyberweapon delivery system of choice” for today’s botnet-building attackers.

Some of the key insights:

  • IoT attacks rose by 280%, attributed to the Mirai malware and its subsequent attacks (Image above)
  • China, previously the top source country from which attacking activity originated, has dropped off significantly, contributing less than 1% to the total attack volume
  • Spain has taken over as the leader in attacks, with 83% of attacks launched from a hosting provider network based there
  • Hackers are building thingbots based on specific disclosed vulnerabilities in IoT devices, rather than having to find new exploits

What does this mean for enterprises?

  • Have a DDoS strategy ready at hand
  • Ensure redundancy for critical services, and that they are prepared for downstream impact
  • Implement solutions against credential stuffing
  • Train employees on the threat and vulnerability of IoT devices – the more aware they are of these threats, the less likely they are to become affected by the attacks