The adoption of the IoT by modern sociotechnical systems in synergy with the rapid deployment of insecure IoT devices and services has transformed the cyber-threat landscape. Thus, the vast majority of cyberattacks are underpinned by the orchestration of compromised IoT devices that are globally distributed and controlled through carefully designed IoT botnets. Contrary to conventional belief, cybersecurity vectors instrumented by such botnets are not always uniformly distributed across Internet Autonomous Systems (ASes). By virtue of network structural characteristics imposed by each individual Autonomous System (AS) as well as the diversity in terms of AS-level cybersecurity policies, the spatiotemporal manifestation of IoT botnets differs. In this work, we provide a novel measurement study that empirically quantifies AS tolerance of IoT botnet propagation in the global IPv4 Internet. We assess and correlate measurements gathered by globally distributed honeypots, Internet regional registries and IP blacklists for a 15-month period and observe more than 3.2M malicious events triggered by IoT botnets spanning 9.5K ASes. Our work demonstrates that ASes connected to a low number of providers are prone to embrace a high portion of malicious activities. Hence, we provide evidence on concentrated botnet activities and determine the effectiveness of widely used IP blacklists. In general, this study contributes towards empowering knowledge on large-scale cyber-attacks as being crucial for the composition of next-generation data-driven cybersecurity defence applications.
Undoubtedly, the Internet of Things (IoT) contributes significantly to daily mission-critical processes underpinning a number of socio-technical systems. Conversely, its rapid adoption has extensively broadened the cyber-threat landscape by virtue of low-cost IoT devices that are manufactured and deployed with minimal security. Evidently, vulnerable IoT devices are utilised by attackers to participate in Internet-wide botnets in order to instrument large-scale cyber-attacks and disrupt critical Internet services. Since the 2016 outbreak of the first IoT Mirai botnet, there has been a continuous evolution of Mirai-like variants. Tracking these botnets is challenging due to their varying structural characteristics, and also due to the fact that malicious actors continuously adopt new evasion and propagation strategies. This work provides a new measurement study highlighting specific behavioural properties of Mirai-like botnets in terms of their propagation. We provide a comprehensive analysis conducted on real Cyber Threat Intelligence (CTI) feeds gathered for a period of 7 months from globally distributed attack honeypots and pinpoint the evolutionary port scanning patterns, targeted vulnerabilities and preferred services pursued by Mirai-like botnets. We identify the most frequently active Mirai-like malware binaries and we are the first to report the evolution of a new, P2P-based variant. In parallel, we provide evidence related to the lack of vendor-specific patching through highlighting unpatched vulnerabilities. Moreover, we pinpoint the inadequacy of widely used IP blacklisting databases to list malicious IP addresses in a timely manner. Thus, we argue in favour of integrating honeypot information from diverse Internet vantage points within the design of next-generation botnet defence mechanisms.