Prevent IoT Ransomware: Threat Report and Best Practices from the SecurityMetrics SOC
Congratulations! Your coffee pot is being held for ransom.
The Internet of Things, also known as IoT, refers to physical objects that are connected to and send data across the Internet. These devices are convenient and programmable. Things like smart fridges, thermostats, baby monitors, and security systems are convenient, but they are also vulnerable to cyber attacks. A few weeks ago, a researcher was able to hack an Internet-connected coffee pot and hold it for ransom. If you have not seen the unbelievable video, you can view it here.
What if your thermostat was hijacked by cybercriminals and held for ransom? Criminals could turn off the heat in winter, causing pipes to freeze and burst. Or, they could turn off your AC in the summer, destroying equipment until you paid up. Like most of you, I love my IoT devices. They are wonderful when they work, but if my internet-connected washing machine was ever held for ransom, there could be big problems.
The bottom line is every new device that you bring into your home or office comes with a certain level of risk that needs to be addressed.
October is National Cybersecurity Awareness Month. This year’s theme is “Do Your Part. #BeCyberSmart,” with an emphasis on the concept, “If you connect it, protect it.”
These security best practices for your home or office will help you protect data and prevent breaches in this era of internet-connected devices. We advise that you perform due diligence before purchasing any device and keep security in mind while using the device.
Before buying any new Internet-connected device, put yourself in the shoes of a cyber professional by conducting a very short risk assessment:
Most firms require that you accept the terms of their privacy statement, so be sure to read it carefully. Signing the terms may limit your options for a return should there be security issues.
The privacy statement will include things like what types of data they collect, how they store data, and how data is processed, as well as the type of encryption they use. Some Internet-connected devices have the option to create backups or use encryption.
When you introduce any new device into your home or work environment, be sure you have a recovery or contingency plan. This includes reading the instructions on how to perform a factory reset on the device. If a device becomes compromised or infected with malware, you may need to quickly restore it to factory settings.
Some Internet-connected devices now require you to contact the company to reset, making recovery more complicated. Be especially wary of novelty items that lack clear instructions, are difficult to use, do not disclose how they handle data, and lack a detailed privacy statement.
If you add a new device to your home environment, verify that your router and VPN are set up securely. Your router is the heart of your network. Double-check your router settings and ensure you’re not still using the default configuration.
Password manager tools help you keep track of passwords securely. If you use the same password for all of your devices, and threat actors compromise one device, it will be easier for them to compromise all of your devices. Also:
When you’re done with the device or preparing to sell it, be sure to deactivate it. If you no longer use the device, log in to the company’s website or portal to confirm that the device is offline, your credit card details are removed, and you are no longer attached to the specific device in any way. Confirm that your email and personal information are not within their data collection tools. Many folks tend to forget this step.
In fact, recently, one of my family members noticed charges from Xbox on his credit card even though he hadn’t used his account in years, and thought he had deactivated it. The cause? Xbox online was hacked several years ago, and his Xbox credentials were stolen and sold on the dark web.
For more information about National Cybersecurity Awareness Month, you can visit their website here.