Unmasking the Hidden Threat: How Unsecured IoT Devices Fueled the Eleven11bot Botnet—and How to Stop the Next Attack

The recent emergence of the Eleven11bot botnet, which has compromised over 86,000 Internet of Things (IoT) devices, underscores the critical vulnerabilities inherent in unmanaged IoT ecosystems. This botnet, reported by The Shadowserver Foundation, primarily targets devices such as security cameras and network video recorders, leveraging them to execute large-scale DDoS attacks against sectors including telecommunications and online gaming platforms.

The rapid expansion and potency of botnets like Eleven11bot have far-reaching consequences for businesses worldwide:

  • DDoS attacks can cause serious operational disruption, leading to significant downtime and revenue loss.
  • Persistent security breaches can cause reputational damage, eroding customer trust and tarnishing a company’s reputation.
  • Beyond immediate operational losses, businesses may incur substantial costs related to remediation, legal actions, and regulatory fines.

IoT devices are frequently exploited by cybercriminals because they are often deployed with weak security controls. Whether consumer or enterprise devices, many come with factory-set default credentials that users fail to change, making them easy targets for attackers. Additionally, IoT devices typically lack robust built-in security, such as endpoint detection and response (EDR) solutions or strong encryption mechanisms. Since they are designed for functionality over security, they are often left unpatched with outdated firmware, exposing them to known vulnerabilities. As they operate on the periphery of enterprise networks, sometimes without proper segmentation, they allow attackers to gain an initial foothold and move laterally across critical infrastructure. This makes them ideal entry points for launching widespread attacks like botnets, ransomware, and data breaches.

So what lessons can be learnt and what steps can be taken to avoid being a victim of such an attack in the future?

  • Comprehensive Device Visibility: Maintaining an up-to-date inventory of all network-connected devices is essential to identify potential vulnerabilities.
  • Credential Management: Replacing default credentials with robust, unique passwords is a fundamental step in securing IoT devices.
  • Regular Firmware Updates: Ensuring devices run the latest firmware versions mitigates known vulnerabilities.
  • Network Segmentation: Isolating IoT devices from critical IT infrastructure can limit the impact of potential breaches.
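
The four steps above can be run as a recurring audit over a device inventory. The following is an added example, not part of the original post and not KeyScaler code; the CSV columns, device names and the 10.20.0.0/24 IoT segment are assumptions chosen for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample inventory (hypothetical devices, private addresses).
INVENTORY_CSV = """\
name,type,ip,firmware,latest_firmware,default_credentials
lobby-cam,camera,10.20.0.11,2.1.0,2.4.1,yes
dock-nvr,nvr,10.20.0.12,5.0.3,5.0.3,no
yard-cam,camera,10.1.4.77,2.4.1,2.4.1,no
lab-cam,camera,10.20.0.14,2.10.0,2.9.5,no
"""

# Assumption: IoT devices are only allowed in this dedicated segment.
IOT_SEGMENTS = [ipaddress.ip_network("10.20.0.0/24")]


def version_tuple(version):
    """Parse '2.10.0' into (2, 10, 0) so versions compare numerically.

    A plain string comparison would rank '2.10.0' below '2.9.5'.
    """
    return tuple(int(part) for part in version.split("."))


def audit_device(row):
    """Return the list of findings for one inventory row."""
    findings = []
    if row["default_credentials"].strip().lower() == "yes":
        findings.append("default-credentials")
    if version_tuple(row["firmware"]) < version_tuple(row["latest_firmware"]):
        findings.append("outdated-firmware")
    addr = ipaddress.ip_address(row["ip"])
    if not any(addr in net for net in IOT_SEGMENTS):
        findings.append("outside-iot-segment")
    return findings


def audit_inventory(csv_text):
    """Map each device name to its findings (empty list means clean)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["name"]: audit_device(row) for row in reader}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

A device missing from the inventory is never audited, so the report is only as complete as the discovery step that feeds it.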

Device Authority’s own KeyScaler Discovery tool was built to tackle the challenge that many organisations were facing in not having unified visibility of their unmanaged devices and their security status. The tool offers a strategic solution to these challenges by providing unparalleled device discovery, identifying all IoT and OT assets within an organisation’s network. It also provides a vulnerability assessment, detecting devices with weak credentials, expired certificates and other known vulnerabilities, resulting in an actionable report to enable timely remediation.

KeyScaler also plays a crucial role in managing device identities at scale, ensuring that every IoT device is securely onboarded, authenticated, and continuously monitored throughout its lifecycle. By automating identity lifecycle management—including secure provisioning, credential rotation, and policy enforcement—KeyScaler helps prevent attacks like Eleven11bot by eliminating weak or default credentials and ensuring only trusted devices can operate within the network.

The Eleven11bot botnet serves as a stark reminder of the vulnerabilities present in unmanaged IoT devices. Implementing robust security measures is imperative for organisations aiming to protect their assets and maintain operational integrity in an increasingly connected world.