We all love convenience, and with the Internet of Things (or IoT) we’ve got it all in one place.
Think about it: you can surf the internet, stream a movie, pay a bill and control both your lights and temperature all thanks to Wi-Fi connectivity.
Securing your smart home devices is essential to protecting your privacy, data, and overall home network. Ivana Cojbasic, Chief Information Security Officer at Regions Bank
Unfortunately, no one knows that better than cyber scammers, who use internet-connected devices to facilitate criminal activity.
“While we love the added convenience, we have to be aware of the potential threats IoT devices introduce to our personal lives due to weak default security and constant connectivity,” said Ivana Cojbasic, Chief Information Security Officer at Regions Bank. “Securing your smart home devices is essential to protecting your privacy, data, and overall home network.”
Don’t take our word for it. The FBI just released a PSA alert to warn about cyber criminals exploiting the Internet of Things.
“Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products,” the FBI said in the warning. “Most of the infected devices were manufactured (overseas). Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the devices as it downloads required applications that contact backdoors, usually during the set-up process.
“Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.”
According to the FBI, BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. The new version consists of millions of infected devices and maintains numerous backdoors that cyber criminals use to exploit.
“This ease of access certainly makes our life easier,” said Jeff Taylor, head of Commercial Fraud Forensics at Regions Bank. “But with that ease you’re putting your network and information at risk.”
Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the devices as it downloads required applications that contact backdoors, usually during the set-up process.Ivana Cojbasic
FBI’s Internet of Things Indicators
According to the FBI, potential indicators of BADBOX 2.0 botnet activity include:
- The presence of suspicious marketplaces where apps are downloaded.
- Requiring Google Play protect settings to be disabled.
- Generic TV streaming devices advertised as unlocked or capable of accessing free content.
- IoT devices advertised from unrecognizable brands.
- Android devices that are not Play Protect certified.
- Unexplained or suspicious Internet traffic.
FBI Recommended Mitigations
- Maintaining awareness and monitoring internet traffic of home networks.
- Assess all IoT devices connected to home networks for suspicious activity.
- Avoid downloading apps from unofficial marketplaces advertising free streaming content.
- Keeping all operating systems, software and firmware up to date. Timely patching is one of the most efficient and cost-effective steps to minimize its exposure to cybersecurity threats. Prioritize patching firewall vulnerabilities and known exploited vulnerabilities in internet-facing systems.
- Utilize multi-factor and biometric authentication to secure your devices.
According to the FBI, the best next step if you think you have become a victim of intrusion is to file a report with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
Additional Resources from Regions.com
The information presented is general in nature and should not be considered, legal, accounting or tax advice. Regions reminds its customers that they should be vigilant about fraud and security and that they are responsible for taking action to protect their computer systems. Fraud prevention requires a continuous review of your policies and practices, as the threat evolves daily. There is no guarantee that all fraudulent transactions will be prevented or that related financial losses will not occur. Visit regions.com/STOPFRAUD or speak with your Banker for further information on how you can help prevent fraud.