TTI | Network Security Insights

How Cybercriminals Use Your IoT Devices

Written by Craig Badrick | Sep 25, 2018 9:24:26 AM

Recent warnings from multiple government agencies have underscored the massive cybersecurity liability that unsecured IoT devices present.

At the beginning of August, the FBI issued a public service announcement warning companies and consumers that “cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyberattacks and computer network exploitation.”

The announcement goes on to explain that IoT devices like network routers, audio/video streaming devices, smart garage door openers, and IP cameras are such attractive targets because they provide international cybercriminals with a layer of anonymity that is otherwise difficult to achieve. Many corporate cybersecurity programs automatically flag traffic from suspicious — often foreign — IP addresses, a defense mechanism international cybercriminals are able to circumvent by using a botnet comprised of hacked IoT devices to orchestrate their nefarious stateside activities.

With the number of IoT devices in use worldwide set to increase from 9 billion in 2017 to 22.5 billion in 2021 to a remarkable 55 billion in 2025, it’s becoming increasingly important for companies operating in every industry to start prioritizing the security of their IoT portfolio.

 

The Cost of a Hacked IoT Device

The FBI PSA outlines a number of actions cybercriminals can take once they’ve seized control of an IoT device. Included on the extensive list are sending spam emails, obfuscating network traffic, generating click-fraud activities, buying/selling/trading illegal images and goods, and selling or leasing IoT botnets to other bad actors to turn a profit. But as damaging as these activities can be, they’re just the tip of the iceberg.

In April, the FBI, U.S. Department of Homeland Security, and U.K. National Cyber Security Centre issued a joint statement addressing the ways in which foreign (especially Russian) bad actors have leveraged hacked IoT devices to compromise the IT infrastructures of both government and private-sector organizations.

According to the joint statement, cybercriminals routinely exploit IoT devices’ weak security protocols to extract device configurations, map internal network architectures, harvest login credentials, masquerade as privileged users, and modify device firmware, operating systems, and configurations.

 

How to Keep Your IoT Infrastructure Secure

Fortunately, companies aren’t entirely defenseless against those who want to use their IoT devices against them.

As the FBI announcement points out, taking steps like immediately changing IoT devices’ default usernames and passwords and patching IoT devices as soon as security upgrades are available goes a long way toward stymying cybercriminals’ efforts. Further, since most malware resides in IoT devices’ memory, frequently rebooting devices can help a company clean up compromised systems that would otherwise go unnoticed for weeks, if not months. “It’s important to do this regularly, as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices,” the FBI explains.

Finally, gaining — and maintaining — a comprehensive understanding of everything that transpires on its networks is absolutely critical to a company’s ability to stave off IoT-based attacks. This requires two layers of network visibility. First, an IT team can use any number of software tools to detect every application being used on its networks, knowledge that is essential in a cloud computing age in which employees (and bad actors) have access to innumerable applications over the internet.

Second, an IT team should perform a thorough network audit as a means of establishing activity baselines for all of its company’s IoT endpoints. Once the team knows how various IoT devices are supposed to work, it can implement anomaly-based threat detection systems that will raise a red flag when a device may have been compromised — if a wireless printer starts pinging seemingly random network nodes out of the blue, for instance.

In addition to practicing these mitigation techniques, companies should consider partnering with a cybersecurity expert like Turn-key Technologies (TTI) — especially if they already rely heavily on IoT devices.

At TTI, we’ve been building networks that are as high-performing as they are secure for nearly three decades. This wealth of experience has given us the know-how necessary to fortify our clients’ IT infrastructures against all kinds of cyberattacks — IoT-related and otherwise. We recognize that the IoT is only going to expand in the coming years, and we can help you prepare to scale your cybersecurity protocols right alongside your IoT investment.