Hackers Target More than Computers

(How to Protect Your Other Devices)

Zach Porter, Risk & Business Advisory Senior
December 2016

Malware attacks, including large scale Distributed Denial of Service (DDoS) attacks, have made headlines over the last few weeks. Research has suggested that these attacks have been caused in part by a number of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders. These devices were affected by Mirai, a malware strain that scans the Internet for routers, cameras, digital video recorders (DVRs) and other IoT devices that are protected only by the factory-default passwords. Once these devices are infected with Mirai, they can be used to overwhelm a target with incredible amounts of illegitimate traffic, making it difficult, if not impossible for legitimate users to access the site.

When we think of a typical IT infrastructure and the devices that are actively managed by an organization’s IT department, it is easy to forget about devices like CCTV cameras and DVRs. These devices, however, are widely used in banks, hospitals, and other industries that could be susceptible to this kind of attack.

What steps can you take to help mitigate the risk of falling victim to a similar type of attack?

Unfortunately, there is no easy way to tell if your device has been compromised. However, there are some simple ways to eliminate the infection in the event your device has been affected:

  • Conduct a Universal Plug ‘n Play (UPnP) Exposure Test. UPnP is a technology utilized by many IoT devices that enables devices to communicate with each other. An UPnP exposure test runs a scan on your device to determine whether any of the network ports may be open and vulnerable to incoming external connections.
  • Disconnect the power source. The Mirai malware strain is housed in the memory of the device. Once the device is disconnected from its power source, the malware is removed. Even though a disconnect of the power source will wipe the malware from the device, the high frequency of the scanning conducted by the infection can lead to the device being re-infected within minutes of the reboot. A reboot alone is not enough to prevent reinfection.
  • Reset the device to the factory-default settings. If any malware is present on the device, the factory reset will wipe it permanently.
  • Change the default device password on the web interface. Once the device is reset to factory-default settings, use a Web browser to access the device’s administration panel and change the default password to something with more complexity. Here are some helpful tips to increase the security of your password:
    • Create a unique password that utilizes a combination of words, symbols, numbers, and both uppercase and lowercase letters. Passwords should be at least 8 characters.
    • Do not use any password that remotely resembles the device’s default password.
    • Do not use your network username as your password.
    • Do not use words that can easily be found in the dictionary.
    • Do not use easily-guessed keyboard combinations, such as “123456” or “qwerty.”
  • Change the default device passwords for other methods of access, such as telnet or SSH (if enabled). How often do you access your device using telnet or SSH? Probably not often. Do you know if your device is accessible using telnet? Probably not. Telnet and SSH are command-line, text-based interfaces that are typically accessed via a command prompt. Even if you have changed the password on the device’s Web interface, the same default password may still be utilized by remote users to access the device using telnet and/or SSH.

If eliminating the infection is relatively easy, preventing recurrence in a world where devices are constantly being scanned across a multitude of remote access protocols is the biggest challenge going forward. While most users are savvy enough to change the default web interface password they use and know about, many won’t think to change the other methods available on devices.

The Internet of Things has created a world where more and more everyday objects have network connectivity. In turn, there are an increased number of vulnerabilities that can be taken advantage of to marshal attacks on networks, as we saw with recent attacks. Be mindful of many devices you use that can be used against you, and the relatively immature nature of IoT security.

If you have any questions, please contact your BNN advisor at 1.800.244.7444.

Disclaimer of Liability: This publication is intended to provide general information to our clients and friends. It does not constitute accounting, tax, or legal advice; nor is it intended to convey a thorough treatment of the subject matter.