Elevating the IoT Security Discussion
There has been plenty of discussion about the Internet of Things (IoT) and related security issues. Some people think about security in terms of protecting IoT devices from attacks. But what may be a bigger problem is malicious parties using IoT devices as a proxy to attack systems and endpoints outside of IoT, essentially using the IoT devices as the traffic generation points.
The FBI issued a public service announcement concerning this very kind of IoT attack. The announcement provides examples of IoT devices that may be compromised, such as industrial sensors, meters, routers, wireless radio links, time clocks, audio/video streaming devices, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network-attached storage devices. The risks are not only to your devices, but also to greater Internet connections that may be attacked through your IoT devices.
IoT proxy servers are attractive to attackers because they offer anonymity by transmitting all requests through the victim's (your enterprise) IP address. The FBI points out that developed nations are very attractive targets because they allow access to a wide range of business websites. Attackers can use compromised IP addresses to facilitate their intrusion activities. This makes it difficult to distinguish between regular traffic and malicious traffic. You will have to monitor your environment for changed behaviors. The FBI recommends:
- Watch for significant changes in monthly Internet traffic that you did not expect
- If your Internet bill is based on data traffic, watch for an increased bill
- Look for those devices and endpoints that either become slow in operation or are inoperable
- Watch for unanticipated outgoing domain name service queries
- Monitor how fast your interconnect connections are operating; if they are slow, this is an indicator of malicious traffic
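The following added example is not from the FBI announcement or the original article. It applies two of the checks above, unanticipated outgoing DNS queries and unexpected traffic growth, to a per-device baseline. The device names, domains, log format, and the 2x volume threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline (hypothetical device names and domains): the names each
# device is expected to resolve and its typical monthly outbound bytes.
BASELINE = {
    "ip-camera-01": {"domains": {"camvendor.example", "time.example.net"},
                     "monthly_bytes": 2_000_000_000},
    "dvr-02": {"domains": {"dvrvendor.example"},
               "monthly_bytes": 1_000_000_000},
}

# Constructed resolver log, one query per line: <timestamp> <device> <name>
DNS_LOG = """\
2024-05-01T02:14:07Z ip-camera-01 time.example.net
2024-05-01T02:14:09Z ip-camera-01 cloud.camvendor.example
2024-05-01T02:15:31Z ip-camera-01 shop.retailer.example
2024-05-01T02:15:32Z ip-camera-01 login.bank.example.
2024-05-01T03:00:00Z dvr-02 updates.dvrvendor.example
2024-05-01T03:00:05Z nas-03 files.storage.example
"""

# Constructed outbound byte counts for the current month.
TRAFFIC = {"ip-camera-01": 9_500_000_000, "dvr-02": 1_100_000_000}

def unexpected_dns(log_text, baseline):
    """Map each device to the sorted names it queried outside its baseline.
    A device missing from the baseline has no allowed names, so all are flagged."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        device, name = parts[1], parts[2].rstrip(".").lower()
        allowed = baseline.get(device, {}).get("domains", set())
        if not any(name == d or name.endswith("." + d) for d in allowed):
            hits[device].add(name)
    return {device: sorted(names) for device, names in hits.items()}

def traffic_spikes(observed, baseline, factor=2.0):
    """Map each device to observed/baseline volume when it exceeds factor."""
    spikes = {}
    for device, sent in observed.items():
        expected = baseline.get(device, {}).get("monthly_bytes", 0)
        if sent > factor * expected:
            spikes[device] = round(sent / expected, 2) if expected else None
    return spikes

def review_queue(dns_hits, spikes):
    """Devices showing both indicators first, then the rest, each part sorted."""
    both = sorted(set(dns_hits) & set(spikes))
    return both + sorted((set(dns_hits) | set(spikes)) - set(both))
```

In practice the baseline would be built from a period of known-good resolver and flow logs for each device rather than written by hand.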
DHS Security Tip
Security issues and resilience risks have existed for decades. The scale of interconnectedness created by the IoT has increased these risks and created new ones. Today's attackers can now scale by infecting large numbers of devices, which gives them access to the data on those devices and the ability to maliciously attack other computers or devices.
The U.S. Department of Homeland Security (DHS) issued a Security Tip concerning IoT, with insight from the U.S. Computer Emergency Response Team (US-CERT) and the National Cybersecurity and Communications Integration Center (NCCIC). NCCIC's mission is to reduce the risk of systemic cybersecurity and communications challenges in its role as a cyber defense, incident response, and operational integration center.
This paper added more recommendations for securing Internet-enabled devices:
- Evaluate your security settings -- Enabling features to increase convenience or functionality can leave a device more vulnerable to attack. Examine the settings -- especially the security settings -- and select only options that do not put devices at increased risk. When installing a patch or a new software version, reevaluate the settings to ensure that they are still appropriate.
- Ensure you have up-to-date software -- Patches are software updates that resolve an issue or vulnerability within the device's software. Ensure that you apply relevant patches ASAP to protect your devices. You can review all the recent security bulletins here. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard:
  - High severity vulnerabilities have a CVSS base score of 7.0 - 10.0
  - Medium severity vulnerabilities have a CVSS base score of 4.0 - 6.9
  - Low severity vulnerabilities have a CVSS base score of 0.0 - 3.9
- Connect carefully -- When a device is connected to the Internet, it's accessible by millions of other computers. This connection allows attackers access to your device. Consider whether you should implement continuous connectivity to the Internet.
Protection and Defense
You probably will never know where the malicious traffic is generated. There are some steps recommended in the FBI announcement that can reduce your vulnerabilities:
- You should never use default usernames and passwords. Use strong passwords. You may want to change the usernames and passwords periodically.
- Problems can accumulate in your devices. Periodically reboot those devices.
- Regularly use antivirus software. Ensure that it's up-to-date. If you are using IoT devices, you may want to employ fog computing devices, which can provide added security and protection.
- Assuming that you have a firewall, ensure that it blocks traffic from unauthorized addresses, and disable port forwarding.
- Whenever possible, isolate IoT devices from other network connections.
If you suspect your IoT device(s) may have been compromised, contact your local FBI office and/or file a complaint with the Internet Crime Complaint Center.