Cyber criminals are targeting vulnerable Internet of Things (IoT) devices such as routers, IP cameras, smart locks and connected doors for conducting anonymous attacks, United States’ Federal Bureau of Investigation (FBI) has warned in a statement.
“Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation,” said FBI in the statement.
Vulnerable IoT devices include wireless radios links, time clocks, audio/video streaming devices, Raspberry Pis, and digital video recorders. Also at risk are satellite antenna equipment, smart garage door openers, and network-attached storage devices.
“IoT proxy servers are attractive to malicious cyber actors because they provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address,” said FBI. Devices in developed nations are particularly attractive targets because they allow access to many business websites that block traffic from suspicious or foreign IP addresses.
The anonymity makes it easier for hackers to carry out cybercrimes.
Using compromised IoT devices as proxies, cyber criminals can send spam, obfuscate network traffic, and generate click fraud activities, the FBI said.
They can also buy, sell, and trade illegal images and goods as well as sell or lease IoT botnets to other cyber actors for financial gain. Besides, they can also conduct credential-stuffing attacks. This entails using software to gain access to customers' accounts by using login details obtained from elsewhere.
Attackers find IoT devices easy to hack as many come with poor security, which can be easily cracked using default usernames and passwords, or brute force attacks that attempt to guess login details.
Although vendors release updates to fix security issues with devices, many simply forget to apply them.
The FBI recommends rebooting smart products regularly to prevent cybercrimes as most malware is stored in the memory and is removed upon a device reboot.
Cyber security for IoT has been hogging the spotlight these days. Last month, a study by high-tech communications consultancy Juniper Research said that spending on IoT security is set to reach over $6 million globally by 2023.