- Run the latest firmware version on IoT devices.
- Disable remote access where possible.
- Change default administrator account credentials and use strong, unique passwords.
- Enable multi-factor authentication (MFA) on devices where offered.
- Monitor IoT devices for suspicious login attempts.
- Replace end-of-life (EOL) IoT devices with supported models.
- Review the GreyNoise blog post on Eleven11bot and consider blocklisting IP addresses linked to the botnet.
- Review the IoT Device Security and Privacy NJCCIC product for additional information on securing IoT devices.
