The FBI is instructing users on how to recognize when their IoT devices have been compromised and advising them on how to keep them secure.
“Compromised devices may be difficult to detect but some potential indicators include: a major spike in monthly Internet usage; a larger than usual Internet bill; devices become slow or inoperable; unusual outgoing Domain Name Service queries and outgoing traffic; or home or business Internet connections running slow,” the Bureau shared in a public service announcement.
Attackers use compromised routers, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, NAS devices, satellite antenna equipment, smart garage door openers, and other devices that communicate with the Internet to send or receive data as proxies to send email, generate click-fraud activities, conduct credential stuffing attacks, obfuscate network traffic, and so on.
“Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation,” they added.
“IoT proxy servers are attractive to malicious cyber actors because they provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address. Devices in developed nations are particularly attractive targets because they allow access to many business websites that block traffic from suspicious or foreign IP addresses.”
What to do?
The Bureau advises users to regularly reboot their devices, “as most malware is stored in memory and removed upon a device reboot.” They offered similar advice earlier this year, when they warned about the VPNFilter malware targeting small office and home office routers around the world, but that move would clear up only part of the infection.
Other recommendations include:
– Changing the device’s default usernames and passwords (the latter to something long, complex and unique)
Keeping the IoT devices regularly updated
– Isolating IoT devices from other network connections, and
– Configuring network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.
In business environments that should be the work of IT personnel, but small and home offices can’t always count on knowledgeable IT staff and users. Calling in someone who knows what they are doing might be a good idea.
Additional helpful advice can be found in this Public Service Announcement. Even though it was released in 2015 the advice is still sound, and examples of incidents that the FBI chose to include can be eye opening to many users.