Compromised IoT Device Warning from FBI

Monday, August 6, 2018 @ 03:08 PM gHale

Internet of Things (IoT) devices are hitting the market with great gusto, but users need to be aware if they are secure.

That is one reason why the FBI is teaching users how to recognize when their IoT devices have suffered a compromise.

RELATED STORIES
Political Ploy or Not, Industry Needs to Act
Summit: How to Keep Security Balanced
Digital Disruption: The Race is On
HUG: Cybersecurity Plan of Action

Then the federal law enforcement agency is advising users how to keep them secure.

“Compromised devices may be difficult to detect but some potential indicators include: A major spike in monthly Internet usage; a larger than usual Internet bill; devices become slow or inoperable; unusual outgoing Domain Name Service queries and outgoing traffic; or home or business Internet connections running slow,” the FBI said in a post.

Attackers use compromised routers, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, NAS devices, satellite antenna equipment, smart garage door openers, and other devices that communicate with the Internet to send or receive data as proxies to send email, generate click-fraud activities, conduct credential stuffing attacks, obfuscate network traffic, and so on.

“Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation,” the FBI said.

“IoT proxy servers are attractive to malicious cyber actors because they provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address. Devices in developed nations are particularly attractive targets because they allow access to many business websites that block traffic from suspicious or foreign IP addresses.”

FBI defense and protection recommendations include:
• Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.
• Changing the device’s default usernames and passwords (the latter to something long, complex and unique)
• Keeping the IoT devices regularly updated
• Isolating IoT devices from other network connections, and
• Configuring network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.



Leave a Reply

You must be logged in to post a comment.