FBI: Cyber Actors Use IoT Devices as Proxies for Malicious Cyber Activities

Reboot your IoT Devices regularly!

https://www.ic3.gov/media/2018/180802.aspx

https://www.ic3.gov/media/2017/171017-1.aspx

“Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.”

https://www.us-cert.gov/ncas/tips/ST17-001

https://www.us-cert.gov/ncas/current-activity/2018/08/02/FBI-Releases-Article-Securing-Internet-Things

https://www.us-cert.gov/ncas/tips/ST17-001

 

 

FBI recommendations on consumer IoT security

Back in September, the FBI issued a security warning for the IoT, how it brings opportunties for criminals:

http://news.softpedia.com/news/fbi-issues-alert-on-the-security-of-internet-of-things-iot-devices-491566.shtml

Excerpt of their recommendations:

Consumer Protection and Defense Recommendations

* Isolate IoT devices on their own protected networks;
* Disable UPnP on routers;
* Consider whether IoT devices are ideal for their intended purpose;
* Purchase IoT devices from manufacturers with a track record of providing secure devices;
* When available, update IoT devices with security patches;
* Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it operate on a home network with a secured Wi-Fi router;
* Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device;
* Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor;
* Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer. Many default passwords can be easily located on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets. If the device does not allow the capability to change the access password, ensure the device providing wireless Internet service has a strong password and uses strong encryption.

Full article:

http://www.ic3.gov/media/2015/150910.aspx