The FBI, via the Internet Crime Complaint Center (IC3) at www.ic3.gov, has information it wants you to know about. The government is worried about the threat that criminals pose to everyone who uses technology, and especially to owners of Internet of Things (IoT) devices.
The bad guys compromise IoT devices for many reasons: to steal your private information, to use the device as a foothold for pivoting into other devices, and to launch denial of service attacks.
You know what IoT devices are, right? Examples include routers, wireless radio links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices.
IoT proxy servers are attractive to malicious cyber actors because they provide a layer of anonymity by transmitting all Internet requests through the victim device's IP address. Devices in developed nations are particularly attractive targets because they allow access to many business websites that block traffic from suspicious or foreign IP addresses. Cyber actors use the compromised device's IP address to engage in intrusion activities, which makes it difficult for the targeted site to separate legitimate traffic from malicious traffic, since both arrive from an ordinary residential or business address.
Cyber actors are using compromised IoT devices as proxies to:
- Send spam e-mails;
- Maintain anonymity;
- Obfuscate network traffic;
- Mask Internet browsing;
- Generate click-fraud activities;
- Buy, sell, and trade illegal images and goods;
- Conduct credential stuffing attacks, in which cyber actors use an automated script to test usernames and passwords stolen in earlier data breaches against unrelated websites; and
- Sell or lease IoT botnets to other cyber actors for financial gain.
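A defender on the receiving end of these proxied credential-stuffing attempts can spot them in web-server authentication logs. The following is an added example, not code from the FBI announcement or from IC3; the log format ("timestamp src_ip username result"), the sample lines and the thresholds are constructed assumptions. It flags two patterns: one source IP hammering many usernames, and the harder case that IoT proxies make possible, many source IPs each trying only one or two accounts, which per-IP rate limits never catch.

```python
"""Credential-stuffing detection over web authentication logs.

Added example (not part of the FBI/IC3 announcement). The log format,
sample lines and thresholds below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
PER_IP_MIN_ATTEMPTS = 8        # assumed thresholds; tune to your own traffic
PER_IP_MIN_USERNAMES = 6
PER_IP_MIN_FAIL_RATIO = 0.8
DISTRIBUTED_MIN_SOURCES = 5    # many proxies, each probing one or two accounts
DISTRIBUTED_MAX_PER_SOURCE = 2

# Constructed sample log: "timestamp src_ip username result" (not real traffic).
SAMPLE_LOG = """\
2019-08-01T10:00:01 203.0.113.10 alice FAIL
2019-08-01T10:00:02 203.0.113.10 bob FAIL
2019-08-01T10:00:02 203.0.113.10 carol FAIL
2019-08-01T10:00:03 203.0.113.10 dave FAIL
2019-08-01T10:00:03 203.0.113.10 erin FAIL
2019-08-01T10:00:04 203.0.113.10 frank OK
2019-08-01T10:00:05 203.0.113.10 grace FAIL
2019-08-01T10:00:05 203.0.113.10 heidi FAIL
2019-08-01T10:00:06 203.0.113.10 ivan FAIL
2019-08-01T10:01:00 198.51.100.7 alice FAIL
2019-08-01T10:01:30 198.51.100.7 alice FAIL
2019-08-01T10:02:00 198.51.100.7 alice OK
2019-08-01T10:03:01 203.0.113.55 karen FAIL
2019-08-01T10:03:04 198.51.100.120 larry FAIL
2019-08-01T10:03:09 203.0.113.201 mallory FAIL
2019-08-01T10:03:15 192.0.2.77 nancy FAIL
2019-08-01T10:03:22 198.51.100.33 oscar FAIL
2019-08-01T10:03:30 203.0.113.140 peggy FAIL
2019-08-01T10:05:00 192.0.2.21 bob OK
"""


def parse_log(text):
    """Parse 'timestamp src_ip username result' lines, sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                           "user": user, "ok": result == "OK"})
    return sorted(events, key=lambda e: e["ts"])


def _windows(events):
    """Yield each sliding WINDOW-long slice of a time-sorted event list."""
    start = 0
    for end, e in enumerate(events):
        while e["ts"] - events[start]["ts"] > WINDOW:
            start += 1
        yield events[start:end + 1]


def noisy_sources(events):
    """One IP testing many stolen username/password pairs in quick succession."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        for window in _windows(evs):
            users = {w["user"] for w in window}
            fails = sum(1 for w in window if not w["ok"])
            if (len(window) >= PER_IP_MIN_ATTEMPTS
                    and len(users) >= PER_IP_MIN_USERNAMES
                    and fails / len(window) >= PER_IP_MIN_FAIL_RATIO):
                flagged[ip] = {"attempts": len(window), "usernames": len(users)}
                break
    return flagged


def distributed_campaign(events):
    """Many IPs (compromised IoT proxies) each trying only a couple of accounts.

    Per-IP rate limits never fire on this; look at the population of
    low-volume, all-failing sources inside one window instead."""
    best = None
    for window in _windows(events):
        per_ip = defaultdict(list)
        for w in window:
            per_ip[w["ip"]].append(w)
        quiet = {ip: evs for ip, evs in per_ip.items()
                 if len(evs) <= DISTRIBUTED_MAX_PER_SOURCE
                 and not any(x["ok"] for x in evs)}
        users = {x["user"] for evs in quiet.values() for x in evs}
        if len(quiet) >= DISTRIBUTED_MIN_SOURCES and len(users) >= DISTRIBUTED_MIN_SOURCES:
            if best is None or len(quiet) > best["source_ips"]:
                best = {"window_start": window[0]["ts"].isoformat(),
                        "source_ips": len(quiet), "usernames": len(users)}
    return best


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("noisy sources:", noisy_sources(evs))
    print("distributed campaign:", distributed_campaign(evs))
```

On the sample, the single noisy address is caught after its eighth attempt, the legitimate user who mistyped a password twice is left alone, and the six addresses that each failed exactly once are reported together as one distributed campaign. The distributed rule is the one worth keeping: it is the only one of the two that still fires when the attacker spreads the list across a botnet of residential proxies.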
Cyber actors typically compromise devices that have weak authentication, unpatched firmware or other software vulnerabilities, or brute-force devices that still use their default usernames and passwords.
Compromised devices may be difficult to detect, but some potential indicators include:
- A major spike in monthly Internet usage;
- A larger than usual Internet bill;
- Devices become slow or inoperable;
- Unusual outgoing Domain Name System (DNS) queries and outgoing traffic; or
- Home or business Internet connections running slow.
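The last three indicators can be checked automatically if the router or a network sensor can export per-connection summaries. The following is an added example, not code from the FBI announcement or from IC3: it learns each device's normal daily outbound bytes and destination count from a few days of history, then flags a day that breaks that baseline, or any outbound mail-port traffic, which an IP camera should never generate. The CSV format, the sample rows, the device names and the thresholds are constructed assumptions.

```python
"""Spotting a compromised IoT device from its outbound traffic profile.

Added example (not part of the FBI/IC3 announcement). The flow summary
format, the sample rows and the thresholds are constructed assumptions;
feed it per-connection summaries exported from your router or a sensor.
"""
import csv
import io
import statistics
from collections import defaultdict

BASELINE_DAYS = 6            # days of history to learn "normal" from
BYTES_SPIKE_FACTOR = 5.0     # a proxy relays far more than a camera uploads
DEST_SPIKE_FACTOR = 3.0      # fan-out to many destinations is a proxy tell
MAIL_PORTS = {25, 465, 587}  # a camera has no business sending e-mail

# Constructed flow summary (not real traffic): one row per connection.
FLOWS = """\
day,device,dst_ip,dst_port,bytes_out
1,camera-01,198.51.100.5,443,120000
2,camera-01,198.51.100.5,443,118000
3,camera-01,198.51.100.5,443,125000
4,camera-01,198.51.100.5,443,121000
5,camera-01,198.51.100.5,443,119000
6,camera-01,198.51.100.5,443,122000
7,camera-01,198.51.100.5,443,120000
7,camera-01,203.0.113.8,443,900000
7,camera-01,203.0.113.9,443,850000
7,camera-01,203.0.113.10,80,700000
7,camera-01,203.0.113.11,443,650000
7,camera-01,203.0.113.12,25,40000
7,camera-01,203.0.113.13,25,42000
7,camera-01,203.0.113.14,443,800000
1,tv-01,198.51.100.20,443,3000000
2,tv-01,198.51.100.20,443,3200000
3,tv-01,198.51.100.20,443,2900000
7,tv-01,198.51.100.20,443,3400000
7,tv-01,198.51.100.21,443,200000
"""


def daily_profile(text):
    """Aggregate rows into {device: {day: {bytes, dsts, ports}}}."""
    prof = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(text)):
        day = prof[row["device"]].setdefault(
            int(row["day"]), {"bytes": 0, "dsts": set(), "ports": set()})
        day["bytes"] += int(row["bytes_out"])
        day["dsts"].add(row["dst_ip"])
        day["ports"].add(int(row["dst_port"]))
    return prof


def find_anomalies(text, baseline_days=BASELINE_DAYS):
    """Return {(device, day): [reasons]} for days that break the device's baseline."""
    findings = {}
    for device, days in daily_profile(text).items():
        base = [days[d] for d in sorted(days) if d <= baseline_days]
        if len(base) < 3:
            continue                      # not enough history to judge
        med_bytes = statistics.median([b["bytes"] for b in base])
        med_dsts = statistics.median([len(b["dsts"]) for b in base])
        for d in sorted(days):
            if d <= baseline_days:
                continue
            today = days[d]
            reasons = []
            if today["bytes"] > BYTES_SPIKE_FACTOR * med_bytes:
                reasons.append(f"bytes_out {today['bytes']} vs median {med_bytes:.0f}")
            if len(today["dsts"]) > DEST_SPIKE_FACTOR * max(med_dsts, 1):
                reasons.append(f"{len(today['dsts'])} destinations vs median {med_dsts:.0f}")
            if today["ports"] & MAIL_PORTS:
                reasons.append(f"outbound mail ports {sorted(today['ports'] & MAIL_PORTS)}")
            if reasons:
                findings[(device, d)] = reasons
    return findings


if __name__ == "__main__":
    for (device, day), reasons in find_anomalies(FLOWS).items():
        print(f"{device} day {day}: " + "; ".join(reasons))
```

In the sample the camera, which normally talks to a single cloud endpoint, suddenly pushes thirty times its usual bytes to eight destinations and opens SMTP connections, so day 7 is reported with all three reasons; the streaming TV, which moves far more data but within its own baseline, is not. Using each device's own history rather than a fixed byte limit is what keeps a noisy-but-legitimate device from drowning out the quiet camera that just became a proxy.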
Protection and Defense
- Reboot devices regularly, as most of this malware lives only in memory and is removed when the device reboots. It is important to do this regularly because many actors compete for the same pool of devices and use automated scripts to find vulnerable devices and reinfect them. A reboot alone does not remove the weakness that let the malware in, so combine it with the steps below.
- Change default usernames and passwords.
- Run anti-virus on the computers that share a network with your IoT devices and keep it up to date.
- Ensure all IoT devices are up to date and security patches are incorporated.
- Configure network firewalls to block inbound traffic from unauthorized IP addresses, and disable port forwarding so devices are not exposed directly to the Internet.
- Isolate IoT devices from the rest of your network, for example on a separate VLAN or guest Wi-Fi network, so a compromised device cannot reach your computers and other devices.
This guidance complements the more technical information on securing IoT devices published by DHS's US-CERT.