After reading an article published by the FBI regarding IoT or “smart” device threats, I was compelled to share some information on a tech trend that is rapidly becoming a part of our everyday lives. New technologies and gadgets are purchased or gifted every day to make life simple and more organized. The simplicity and combined conveniences could bring a false sense of security.
Do you have electronic thermostats, doorbells, refrigerators and music services, wireless radio links, time clocks, IP cameras, RF tracking systems or even large fish tanks in your home or office? If so, these are all IoT devices and they are vulnerable to cyber-attacks.
Fish tanks? Is this guy serious…? Yes, he is!
Cybercrime is predicted to cost companies $6 TRILLION worldwide by 2021. The number of IoT devices in use is expected to increase from 5 billion in 2018 to an estimated 20 to 50 billion by 2020.
Once an IoT device is compromised, cyber criminals can facilitate attacks on other systems or networks, send spam e-mails, steal personal information, interfere with physical safety, and leverage compromised devices for participation in distributed denial of service (DDoS) attacks.
A cybercriminal needs to do two things: access the network and transfer the collected data, so they create two points of contact on the firewall. How can a criminal access the firewall twice and not be identified, you may ask? It is because the IoT devices are not part of the main network and are presumed safe.
Cybercriminals were able to hack into an unnamed casino through the internet-based thermostat that regulated the temperature of the aquarium in the casino's main lobby. Hackers exploited a vulnerability in the thermostat to get a foothold in the network. Once there, they managed to access the high-roller database of gamblers and “then pulled it back across the network, out the thermostat, and up to the cloud.”
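The "two points of contact" in the casino story can be looked for in firewall flow records. The check below is an added example, not part of the original article: it flags any IoT device that both reaches hosts on the main network and sends a large volume of data out to the internet. The subnets, the record format, the upload threshold, and the sample records are all constructed assumptions.

```python
import ipaddress

# Assumed layout (not from the article): IoT devices sit on their own subnet.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed flow records: source, destination, bytes sent by the source.
SAMPLE_FLOWS = """\
10.20.0.15 10.10.5.40 48210
10.20.0.15 203.0.113.77 912334556
10.20.0.22 198.51.100.9 18230
10.10.5.12 10.10.5.40 77120
"""

def parse_flows(text):
    """Yield (src, dst, nbytes) tuples from whitespace-separated records."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, nbytes = line.split()
        yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(nbytes)

def audit(text, upload_limit=50_000_000):
    """Return {iot_device_ip: [findings]} for flows that leave the IoT subnet."""
    lateral = {}   # IoT device -> internal, non-IoT hosts it contacted
    uploaded = {}  # IoT device -> total bytes sent to internet addresses
    for src, dst, nbytes in parse_flows(text):
        if src not in IOT_NET or dst in IOT_NET:
            continue  # only traffic that starts on, and leaves, the IoT subnet
        if dst in INTERNAL_NET:
            lateral.setdefault(src, set()).add(dst)
        else:
            uploaded[src] = uploaded.get(src, 0) + nbytes
    findings = {}
    for dev in sorted(set(lateral) | set(uploaded)):
        notes = []
        if dev in lateral:
            hosts = ", ".join(str(h) for h in sorted(lateral[dev]))
            notes.append("reaches main-network hosts: " + hosts)
        if uploaded.get(dev, 0) > upload_limit:
            notes.append(f"uploaded {uploaded[dev]} bytes to the internet")
        if notes:
            findings[str(dev)] = notes
    return findings

if __name__ == "__main__":
    for device, notes in audit(SAMPLE_FLOWS).items():
        print(device, "->", "; ".join(notes))
```

A device that shows both findings matches the path described in the casino incident: in from the IoT side to the main network, then out to the cloud.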
How can they do it? Most manufacturers of things like cameras and thermostats focus on performance but ignore security measures and even encryption, thereby making the devices easy to use as access points.
Unsecured or poorly secured devices provide opportunities for cyber criminals to intrude on private networks and gain access to other devices and information attached to these networks. Cyber criminals often take advantage of default usernames and passwords to merge IoT devices with others into a large botnet.
Change the default usernames and passwords that are preinstalled on your devices, simply because many default passwords are available on the Internet.
The installer code used to get back to the programming menu screen on a Honeywell alarm system is 4112. Really, Google “ADT installer code.”
So as our personal and professional lives include more and more IoT devices, each of us should consider how to protect ourselves and not rely on the manufacturers. The best way you can protect IoT devices is to connect only trusted devices to your network and place them behind a firewall device like the one we use, which not only identifies IoT threats but also allows us to fence these devices within your network to prevent a data breach. If you want more details, reach out to me at RodM@Discoverycf.com and I will share what we use to protect our networks.
It may seem silly for me to type, but keep your operating systems and software up to date. Reboot IoT devices to get new firmware updates, and most importantly, educate yourself about IoT products. Your digital footprint is expanding every year, so learn how to protect yourself and your business. We offer free vulnerability scans for offices with 25 or more computers, so if you have concerns, trust your current IT vendor but verify with us.
I hope this motivates you to learn more about how cybercriminals are looking for every opening to get your data onto the dark web.