FBI Issues Warning on New Malware leveraging the IoT

By RMON Networks | November 29, 2016

FBI Issues Warning on New Malware to Spur Large-Scale Cyber Attacks

“The exploitation of the ‘Internet of Things’ (IOT) to conduct small-to-large scale attacks on the private industry will very likely continue due to the open availability of the malware source codes for targeting IoT devices and insufficient IOT device security,” the FBI’s Task Force stated in the notice.

This latest threat has been credited to the IoT botnet Mirai, which scours the internet looking for vulnerable IoT devices using a table of more than 60 common factory default username and password, and then logs into them to infect with the Mirai malware.

Read more about this attack on Sophos’ (our trusted security partners) blog:

Here are some basic tips to protect your IoT devices:

  • Research the most secure products before buying. For example, some mobile phones have never, and will never, receive security fixes.
  • Secure your router with a strong password. Some routers don’t even use a password, while some rely on a default password that’s easy to guess. Here’s how to cook up a strong one.
  • Secure the device by changing its default user name and password. The ICO notes that default credentials for many devices are freely available on the internet and can be located with ease. Again, choose a strong password, and make sure it’s unique. As it is, there are tools that automatically sniff out reused credentials, making it even easier to get into all the sites where you’ve reused the same password..
  • Check manufacturers’ sites for known security vulnerabilities. Don’t leave vulnerabilities on the back burner: make sure to update the software in a timely manner.
  • Don’t just plug and play. Instead, take the time to read the manual: there might be extra security and privacy options available.
  • Use two-step authentication (2FA) whenever possible. 2FA isn’t infallible, but it’s damn good at keeping crooks out of your accounts, even if they pilfer your username and password.

Need Help Protecting Your Business? Contact Us Today!