The pandemic has resulted in a threefold increase in cyber attacks by malicious botnet drones, all originating from Singapore.

A strong increase in botnet drones with Singapore-based IP addresses has been reported by the Cyber Security Agency of Singapore, reflecting an attempt by hackers to attack home and office devices that are connected to the internet.

The detected increase reached up to 6,600 botnet drones with Singapore IP addresses, compared to the 2,300 botnet drones detected in 2019.

According to David Koh, Commissioner of the CSA: “Due to the challenges brought about by the COVID-19 pandemic, 2020 was a watershed for digitalization efforts across all parts of the economy and society. Unfortunately, the speed and scale at which digital technology was adopted may have led to some risks being taken, and threat actors are capitalizing on this.”

Long predicted IoT vulnerabilities

Compromised IoT devices have been used to capture sensitive footage for blackmail, to perform cryptomining by stealing processing power, to launch ransomware attacks, and to serve as nodes in distributed denial-of-service attacks. All of these malicious activities had been predicted by many experts long before IoT ever took off.

With the announcement on the sharp increase of botnet drones, two experts have offered their insights. Jonas Walker, a Security Strategist at FortiGuard Labs, Fortinet, noted that most modern connected devices run on some sort of operating system that malicious threat actors can exploit for different purposes. “The more computers a hacker group controls, the more powerful it gets. Many of these low-performance devices can stack up quite heavily and bring down some of the most powerful servers when used together.”

Walker said that botnet drones tend to spread inside networks to infect additional devices and provide a remote access capability into the network, which can be leveraged for lateral movement through the network to give attackers persistent access whenever needed in the future.

“Therefore, any additional device connected to this network in the future is at risk of being infected by the initial IoT device that spreads malware to these new devices like mobile phones and laptops with much more sensitive information. Additionally, if attackers launch specific commands, these devices can use most of their resources for these tasks, leading to malfunctions of the initial purpose,” Walker said.

Another expert, Daniel Chu, Director of Systems Engineering, ExtraHop (Asia Pacific), commented that it is not uncommon for commercial IoT devices to run cheap and outdated software with known and easily exploited vulnerabilities. “Competitive market conditions have forced IoT manufacturers to rush the delivery of products without much thought about device security. With home IoT gadgets gaining popularity during a lockdown, it is understandable to see a rise in botnet attacks.”

Expert tips for IoT security

The most practical advice for average IoT consumers in Singapore and elsewhere, Chu said, is to vote with their wallets: buy solutions from reputable vendors that have a track record of investing in security and avoid shady vendors with dubious histories. “This is the only way we can drive IoT vendors to put security into IoT.”

Walker added that basic cyber hygiene is vital. “Run regular antivirus scans and never download attachments from unknown email senders. Updating your software on your smartphone automatically is recommended since most updates are not feature-related but for security. Keeping operating systems on your laptop up to date is critical.”