Who We Are
- - The Global Cyber Alliance has a singular purpose: to reduce cyber risk. Learn about our goals, our impact, and meet the minds behind our mission.
Our Work
- - We help people reduce the risk they face online while working to solve systemic issues that cause online harm.
- - Internet Integrity
- - Capacity & Resilience
    - GCA Toolkits
    - ACT
- - Ecosystem Engagement
Tools
- - We create free, useful tools that make a real impact on improving security for organizations and individuals. Explore our tools here.
Get Involved
- - There are many ways that you can become part of our global effort. Whether it’s using one of our tools to help improve your own cybersecurity, partnering with us on cutting edge projects, or investing resources, your involvement is what makes our success possible!
- - Use a Tool
  - Become a Partner
- - Community Forum
  - Donate
News & Events
- - Explore the latest news from across the GCA community, find upcoming webinars and local events, and dive deeper into resource content.
- - News
  - Events
- - Blog
  - Reports & Publications

Who We Are
- - The Global Cyber Alliance has a singular purpose: to reduce cyber risk. Learn about our goals, our impact, and meet the minds behind our mission.
Our Work
- - We help people reduce the risk they face online while working to solve systemic issues that cause online harm.
- - Internet Integrity
- - Capacity & Resilience
    - GCA Toolkits
    - ACT
- - Ecosystem Engagement
Tools
- - We create free, useful tools that make a real impact on improving security for organizations and individuals. Explore our tools here.
Get Involved
- - There are many ways that you can become part of our global effort. Whether it’s using one of our tools to help improve your own cybersecurity, partnering with us on cutting edge projects, or investing resources, your involvement is what makes our success possible!
- - Use a Tool
  - Become a Partner
- - Community Forum
  - Donate
News & Events
- - Explore the latest news from across the GCA community, find upcoming webinars and local events, and dive deeper into resource content.
- - News
  - Events
- - Blog
  - Reports & Publications

IoT Policy and Attack Report

GCA Internet Integrity Papers, Issue I

IoT Policy and Attack Report

This is the first issue of the GCA Internet Integrity Papers series, which shows the results of an IoT Policy and Attack research project conducted jointly by the Global Cyber Alliance (GCA) and Microsoft.

Based on data about real IoT attacks extracted from GCA’s AIDE platform and ProxyPot infrastructure, the project aims at providing factual evidence on the validity of the most widespread policies, recommendations, and standards on IoT security around the globe.

The result of the research strongly suggests that policymakers are correct in emphasizing secured access when turning standards into policy. Strong passwords, vulnerability disclosure policies, and efficient patching should be guiding principles of any baseline strategy for IoT protection.

The key findings of the report can be summarized as follows:

The ETSI principles of “no default passwords,” “implement a vulnerability disclosure policy,” and “keep software updated” operate as a golden rule for IoT security
Secured access and strong passwords go hand in hand
Telnet is as a perfect gateway for IoT attacks (use SSH instead); Mirai is, by far, the largest source of Telnet-based attacks
AIDE and ProxyPot work as reliable testing tools to validate IoT policies, standards, and recommendations

Download the Report