FBI adds new guidance as IoT proxy incidents increase
The Federal Bureau of Investigation is re-emphasizing the security risks of Internet of Things devices, saying providers and other organizations should step up oversight of the devices.
The agency issued a comprehensive guidance document this past week, building upon a guidance document that it issued last August. The impetus for the new FBI information is that it’s seen cybercriminals use the devices to hack into systems anonymously.
IoT devices are widely believed to increase the attack surface for healthcare and other organizations, which are increasingly implementing the devices.
In the expanded guidance, the FBI explains how cybercriminals use Internet of Things devices as proxies for staying anonymous while pursuing malicious activities, and how healthcare organizations and other entities can stay safe. These threat actors search for and compromise vulnerable IoT devices and use them as proxies for Internet requests to route malicious traffic for cyberattacks and exploitation of computer networks, the FBI contends.
IoT devices communicate with the Internet to send or receive data. Such devices include routers, wireless radio links, time clocks, audio/video streaming devices, Raspberry Pi (a small affordable computer used to learn programming), IP cameras, DVRs, satellite antenna equipment, smart garage door openers and network-attached storage devices.
All of these targets are attractive as they give a layer of anonymity by transmitting all Internet requests through a victim’s IP address. Devices in developed nations are very attractive because they enable access to business websites that block traffic from suspicious or foreign IP addresses. Consequently, a hacker can use compromised IP addresses of devices to engage in intrusion activities, making it difficult to filter regular traffic from malicious traffic, the investigatory agency contends.
There are multiple ways that cyber actors can use their compromised devices, according to the FBI. Examples include:
* Sending spam emails
* Maintaining anonymity during attacks
* Obfuscating network traffic
* Masking internal browsing
* Generating click-fraud activities (getting paid by companies for how many people click on ads)
* Buying, selling and trading illegal images and goods
* Conducting credential-stuffing attacks, which occur when cybercriminals use an automated script to test stolen passwords from other breach incidents on unrelated websites
* Selling or leasing IoT botnets to other cyber actors for financial gain
The FBI further cautions that cyber actors compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute-force attacks on devices with default usernames and passwords.
Indications of compromised devices could include a big spike in monthly Internet usage, larger Internet bills, devices that become slower, unusual outgoing Domain Name Service queries and outgoing traffic.
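One way a network owner could watch for two of these indicators, a spike in outgoing traffic and unusual outgoing DNS query volume, is to compare each device's latest day against its own history. This is an added example, not code from the FBI guidance; the record layout, the device names, the threshold of 6 and the 5% floor are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000
# Constructed sample data: seven baseline days per device (outbound MB, DNS queries),
# as might be exported daily from a router or flow collector.
_BASELINE = {
    "ip-camera": ([410, 395, 402, 420, 398, 405, 412], [120, 118, 125, 119, 122, 121, 117]),
    "nas": ([2000, 2100, 1950, 2050, 1980, 2020, 2080], [300, 310, 295, 305, 298, 302, 307]),
    "garage-door": ([5, 6, 5, 5, 6, 5, 6], [40, 42, 41, 39, 40, 43, 41]),
}
_LATEST = {"ip-camera": (9800, 4300), "nas": (2100, 309), "garage-door": (6, 900)}
# Flattened records: (device, day, outbound_bytes, outbound_dns_queries)
SAMPLE = [(dev, day, mb * MB, dns)
          for dev, (mbs, dnss) in _BASELINE.items()
          for day, (mb, dns) in enumerate(zip(mbs, dnss), start=1)]
SAMPLE += [(dev, 8, mb * MB, dns) for dev, (mb, dns) in _LATEST.items()]


def spike_score(history, value):
    """Robust z-score: distance from the median in MAD units, with a 5% floor
    on the scale so very steady devices do not alert on tiny changes."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    scale = max(1.4826 * mad, 0.05 * med, 1.0)
    return (value - med) / scale


def flag_devices(records, threshold=6.0, min_days=5):
    """Compare each device's most recent day with its own earlier days.
    Returns {device: [names of the metrics that spiked]}."""
    per_device = defaultdict(list)
    for dev, day, bytes_out, dns in records:
        per_device[dev].append((day, bytes_out, dns))
    flagged = {}
    for dev, rows in per_device.items():
        rows.sort()
        *history, latest = rows
        if len(history) < min_days:
            continue  # not enough baseline to judge this device
        hits = [name for idx, name in ((1, "bytes_out"), (2, "dns_queries"))
                if spike_score([r[idx] for r in history], latest[idx]) > threshold]
        if hits:
            flagged[dev] = hits
    return flagged


if __name__ == "__main__":
    for device, metrics in flag_devices(SAMPLE).items():
        print(f"{device}: unusual outbound {', '.join(metrics)}")
```

A per-device baseline matters here because a storage device and a garage door opener have very different normal volumes; a single network-wide limit would miss the small device entirely.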
The FBI also suggests rebooting devices regularly, because most malware is stored in memory and is removed upon a device reboot.