Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities

Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation. IoT devices, sometimes referred to as “smart” devices, are devices that communicate with the Internet to send or receive data. Examples of targeted IoT devices include: routers, wireless radio links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices.

IoT proxy servers are attractive to malicious cyber actors because they provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address. Devices in developed nations are particularly attractive targets because they allow access to many business websites that block traffic from suspicious or foreign IP addresses. Cyber actors use the compromised device’s IP address to engage in intrusion activities, making it difficult to filter regular traffic from malicious traffic.

Cyber actors are using compromised IoT devices as proxies to:

Send spam e-mails;
Maintain anonymity;
Obfuscate network traffic;
Mask Internet browsing;
Generate click-fraud activities;
Buy, sell, and trade illegal images and goods;
Conduct credential stuffing attacks, which occur when cyber actors use an automated script to test stolen passwords from other data breach incidents on unrelated websites; and
Sell or lease IoT botnets to other cyber actors for financial gain.

Cyber actors typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords.

Compromised devices may be difficult to detect but some potential indicators include:

A major spike in monthly Internet usage;
A larger than usual Internet bill;
Devices become slow or inoperable;
Unusual outgoing Domain Name Service queries and outgoing traffic; or
Home or business Internet connections running slow.
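
The traffic-based indicators above (a usage spike, unusual outgoing DNS queries and outgoing traffic) can be checked against per-device daily summaries from a router or flow collector. The following is an added example, not part of the original advisory; the record layout, device names, sample values and thresholds are constructed assumptions, and the outbound SMTP check reflects the spam use listed earlier.

```python
from collections import defaultdict
from statistics import median

# Constructed daily summaries per device (assumed export format):
# (day, device, bytes_out, distinct_dns_names, outbound_smtp_connections)
SAMPLE = [
    ("d1", "camera", 40_000_000, 3, 0),
    ("d2", "camera", 42_000_000, 3, 0),
    ("d3", "camera", 39_000_000, 4, 0),
    ("d4", "camera", 41_000_000, 3, 0),
    ("d1", "dvr", 5_000_000, 2, 0),
    ("d2", "dvr", 6_000_000, 2, 0),
    ("d3", "dvr", 5_500_000, 3, 0),
    ("d4", "dvr", 900_000_000, 410, 37),
    ("d1", "nas", 200_000_000, 6, 0),
    ("d2", "nas", 180_000_000, 5, 0),
    ("d3", "nas", 210_000_000, 6, 0),
    ("d4", "nas", 1_300_000_000, 7, 0),
]

def flag_devices(rows, factor=5.0, min_history=3):
    """Compare each device's latest day with the median of its earlier days."""
    history = defaultdict(list)
    for day, device, bytes_out, dns_names, smtp in rows:
        history[device].append((day, bytes_out, dns_names, smtp))
    findings = {}
    for device, days in history.items():
        days.sort()  # day labels sort chronologically in this sample
        *earlier, latest = days
        if len(earlier) < min_history:
            continue  # not enough baseline to judge this device
        base_bytes = median(d[1] for d in earlier)
        base_dns = median(d[2] for d in earlier)
        reasons = []
        if latest[1] > factor * max(base_bytes, 1):
            reasons.append("outbound_traffic_spike")
        if latest[2] > factor * max(base_dns, 1):
            reasons.append("unusual_dns_queries")
        if latest[3] > 0 and all(d[3] == 0 for d in earlier):
            reasons.append("new_outbound_smtp")
        if reasons:
            findings[device] = reasons
    return findings

if __name__ == "__main__":
    for device, reasons in flag_devices(SAMPLE).items():
        print(device, reasons)
```

In the sample, the DVR trips all three checks while the NAS trips only the volume check, which on its own can also be a legitimate backup and needs a second signal before acting.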

Protection and Defense

Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.
Change default usernames and passwords.
Use anti-virus regularly and ensure it is up to date.
Ensure all IoT devices are up to date and security patches are incorporated.
Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.
Isolate IoT devices from other network connections.

Additional Resources

For additional information on cyber threats to IoT devices, please refer to “Common Internet of Things Devices May Expose Consumers to Cyber Exploitation.”

Victim Reporting

If you suspect your IoT device(s) may have been compromised, contact your local FBI office and/or file a complaint with the Internet Crime Complaint Center at www.ic3.gov.

NEWS AND VIEWS

F.B.I. Internet Crime Complaint Center:  

Charlottesville announces closing of City Market, parks, facilities, roads over rally anniversary weekend 


By: The Daily Progress Staff  Courtesy www.DailyProgress.com


It’s going to take a hike to get to a march in downtown Charlottesville next weekend as city officials on Thursday announced more temporary parking restrictions and the closing of city buildings and facilities. That includes the cancellation of the popular Charlottesville City Market on Aug. 11, officials said.
“With input from the Virginia State Police, the Charlottesville Police Department and the Charlottesville Fire Department, Interim City Manager Mike Murphy has determined that it is essential for the safety of persons and property that adjustments be made to city operations, city-sponsored events, vehicular traffic and parking restrictions,” Brian Wheeler, city communications director, said in a prepared statement.


Murphy has decided to shutter City Hall, the City Hall Annex and other downtown city offices beginning at 2 p.m. Aug. 10, Wheeler said.
Public access to those locations will be limited beginning Tuesday. City Hall will only have public access through the Main Street/Downtown Mall main door and the annex will have access to the public only through the Market Street entrance.
All city parks and recreation facilities will be closed Saturday and Sunday. This includes the Carver Recreation Center, Key Recreation Center, Tonsler Recreation Center, Smith Aquatic and Fitness Center, Onesty Family Aquatic Center, Washington Park Pool, Meadowcreek Golf Course and the spray grounds at Tonsler, Belmont, Forest Hills and Greenleaf Parks.


Most of downtown between McIntire Road and Avon Street on the east and west and Water Street and High Street on the south and north either will be closed to thru-traffic or restricted to local traffic with no on-street parking permitted, according to plans released by the city.
Parking will be limited on the streets immediately surrounding the Friendship Court neighborhood on sections of Monticello Avenue, Garrett Street, Second Street Southeast and Sixth Street Southeast.


The Market Street Parking Garage will be closed to the public and open only to permit holders and those downtown residents who are losing their usual parking spaces due to the restrictions. The Water Street Parking Garage will remain open to the public and for handicapped parking.
Some roads will be accessible only to those who live or have businesses on the street, Wheeler said in the statement. The streets will have access controlled by police or other authorities.


“Only those living and working in businesses in those immediate areas will have access,” he said. “Residents and business owners/employees who will need to access these points of entry must be prepared to confirm the address of their destination at the entry point.”
The city previously announced a slew of road closures, traffic restrictions and parking prohibitions, which can be viewed at the Resilient Charlottesville page on the city’s website, www.charlottesville.org. Those changes will now begin at 6 p.m. Aug. 10 and continue through 6 a.m. Aug. 13.