Over the past few years, we have seen the development of predictive software using artificial intelligence techniques. The latest advances in these sorts of tools employ swarm technology to use massive databases of expert knowledge, comprised of billions of constantly updated bits of data, to make accurate predictions. Such systems can be used to offer advice, make medical diagnoses or increase trading profitability on the stock exchange. This sort of predictive analysis represents an entirely new paradigm for how computing resources will be used to transform our world.
So, what does this have to do with IoT? Over the past year, we have seen the development and deployment of massive IoT-based botnets, such as Mirai or the currently emerging Reaper system, built around millions of compromised IoT devices. These weaponized botnets have been used as blunt force tools to knock out devices, networks or even huge segments of the internet.
Based on developments we are seeing in places like the dark web, we predict that cybercriminals will begin to upgrade IoT-based botnets with swarm-based technology to create more effective attacks. If you think about it, traditional botnets are mindless slaves — they wait for commands from the bot herder (master) in order to execute an attack. But what if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems, or simultaneously target multiple vulnerability points in a network using a variety of penetration and exploit techniques?
The result would be a Hivenet instead of a botnet. Such a tool can use peer-based self-learning to effectively target vulnerable systems on an unprecedented scale. Hivenets will be able to use swarms of compromised devices, or swarmbots, to simultaneously identify and tackle different attack vectors. Hivenets are especially dangerous because, unlike traditional botnet zombies, individual swarmbots are smart. They are able to of talk to each other, take action based on shared local intelligence, use swarm intelligence to act on commands without the botnet herder instructing them to do so, and recruit and train new members of the hive. As a result, as a Hivenet identifies and compromises more devices it will be able to grow exponentially and thereby widen its ability to simultaneously attack multiple victims.
While IoT-based attacks such as Mirai or Reaper are not using swarm technology yet, they already have the footprint necessary. Reaper is especially concerning because it uses a Lua engine with additional Lua scripts. Lua is an embedded programming language designed to enable scripts to run, enabling an attacker to switch from one attack to another fairly easily. Upgrading this sort of code to use emerging swarm behaviours and AI would have devastating consequences.