The Federal Bureau of Investigation (FBI) released a Public Service Announcement on August 2, 2018 entitled “Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities,” which outlines how cyber criminals search for and compromise vulnerable IoT devices “for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation.”
The smart devices most commonly targeted by cyber criminals include: routers, wireless radio links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices.
According to the article, these devices are used as proxy servers, which lets the criminal carry out malicious activity anonymously. Because the traffic comes from the victim’s legitimate IP address, the criminal can reach business websites that block known malicious IP addresses, making it difficult for a business to distinguish the malicious actor from a legitimate user.
“By using the compromised IoT device, the threat actor can use it as a proxy to:
- Send spam e-mails;
- Maintain anonymity;
- Obfuscate network traffic;
- Mask Internet browsing;
- Generate click-fraud activities;
- Buy, sell, and trade illegal images and goods;
- Conduct credential stuffing attacks, which occurs when cyber actors use an automated script to test stolen passwords from other data breach incidents on unrelated web-sites; and
- Sell or lease IoT botnets to other cyber actors for financial gain.”
The article suggests that malicious actors target devices that have weak authentication or out-of-date patches, or compromise them with brute force attacks. It also provides tips on protection and defense against these risks.
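Since blocking by IP reputation fails when requests arrive from a victim's legitimate address, a site can look at login behavior instead. The following is an added example, not code from the FBI announcement or the article: it flags source addresses that fail logins against many different accounts in a short window, the pattern credential stuffing produces. The log format, the thresholds and all names are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, username, result.
# Addresses are RFC 5737 documentation ranges; none of this is real data.
SAMPLE_LOG = """\
2018-08-02T10:00:01 198.51.100.7 alice FAIL
2018-08-02T10:00:03 198.51.100.7 bob FAIL
2018-08-02T10:00:04 203.0.113.10 gina FAIL
2018-08-02T10:00:05 198.51.100.7 carol FAIL
2018-08-02T10:00:08 198.51.100.7 dave FAIL
2018-08-02T10:00:11 198.51.100.7 erin FAIL
2018-08-02T10:01:00 192.0.2.44 hal OK
2018-08-02T10:01:05 192.0.2.44 ivy OK
2018-08-02T10:01:09 192.0.2.44 jo FAIL
2018-08-02T10:01:12 192.0.2.44 kim OK
2018-08-02T10:01:20 192.0.2.44 lee OK
truncated line
"""
WINDOW = timedelta(minutes=5)  # assumed look-back window
MIN_USERS = 5                  # assumed: distinct accounts tried from one IP
MIN_FAIL_RATIO = 0.8           # assumed: share of failed logins in the window

def find_stuffing_sources(log):
    """Flag IPs that fail logins against many different accounts within WINDOW."""
    by_ip = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip unparseable timestamps
        by_ip[parts[1]].append((ts, parts[2], parts[3] == "FAIL"))
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1  # slide the window forward
            window = evs[start:end + 1]
            users = {u for _, u, _ in window}
            ratio = sum(f for _, _, f in window) / len(window)
            if len(users) >= MIN_USERS and ratio >= MIN_FAIL_RATIO:
                flagged[ip] = {"distinct_users": len(users), "fail_ratio": round(ratio, 2)}
                break
    return flagged
```

In the sample, 192.0.2.44 also shows five accounts but mostly successful logins, as a shared office address would, so it is not flagged; the failure ratio is what separates it from 198.51.100.7.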