A team of researchers at the Howard University College of Engineering and Architecture along with industry cybersecurity experts, conducted a 17-month investigation on smart IoT device abuse in financial cyber crime.
Danda B. Rawat, PhD, associate dean for research and graduate studies, graduate student researchers Yuba Siwakoti and Manish Bhurtel, and cybersecurity experts Adam Oest and RC Johnson made up the team investigating. They applied a sampling strategy using standardised data from known cybersecurity vulnerabilities, public research data, and the Shodan search engine’s exposure.
The study, ‘IP Camera Can Be Abused for Payments: A Study of IoT Exploitation for Financial Services Leveraiging Shodan and Criminal Infrastructures’ is the first study to date that reveals the extent to which smart devices are hacked and used in financial cyber crime.
They tracked smart devices repurposed as proxies across the darknet, underground forums, and Telegram, where they were exploited in financial crimes like illegal transfers, crypto theft, and credit card fraud.
Conventionally, financial crimes involve stealing financial information such as credit card numbers or bank acccount login credentials to commit fraud or identity theft or manipulate financial transactions. Some financial cyber criminals also commit fraud through ATM skimming or money transfers from accounts that have been compromised.
The team discovered that the smart devices most frequently hacked for financial cyber crime are smart digital security cameras or IP cameras.
Financial institutions are a main target and pose greater security risks as they can involve massive monetary losses, business disruption, and threaten the confidentiality, integrity, and availability of these institutions.
Rawat and his team have made important security recommendations in their publication. Frequent network monitoring and scanning of devices is necessary to detect vulnerabilities early on and prevent cyber crime. Tools like Shodan are crucial in determining if a device has been exposed. Anti-financial tools are also available to financial institutions.
Finally, staying alert and paying attention to any unusual activity on smart devices is key and can protect consumers and businesses from financial cyber crime.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.
