IOT devices and weak passwords are a recipe for disaster.
According to Microsoft, A state-sponsored Russian hacking group has been taking advantage of Internet of Things devices’ poor security measures to infiltrate corporate networks.
Microsoft shared that researchers from their own Threat Intelligence Center have discovered hacking attempts on businesses deploying popular IoT devices, specifically VOIP phones, office printers and video decoders. In quite a few scenarios, the hackers didn’t even have to break the passwords: the devices used their manufacturers’ default ones. #”password”=badpassword
Microsoft has accredited the attacks to a group called Strontium, also known as Fancy Bear and APT28. Fancy Bear is generally attributed as the group of state-sponsored Russian hackers involved in the 2016 DNC hack, numerous infiltration attempts on US officials and attempts to disrupt the EU elections earlier this year.
Fortunately, Microsoft identified these attacks in their early stages, so the group’s objectives are uncertain. What is certain is that these IoT devices have became points of entry for the infiltrators, allowing them to look for a way to dig deeper into the network.
The company explained:
“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server.”
Microsoft said it has already delivered “1,400 nation-state notifications” to those who’ve been targeted by Strontium. Most of them were attacks targeting government, IT, military, defense, medicine, education and engineering sectors. One in five, however, targeted non-government organizations, think tanks and politically affiliated groups around the world.
Microsoft is now strongly encouraging organizations to protect their networks by securing their IoT devices.
If you need assistance with your cybersecurity business needs contact DarkHound SecOps at [email protected].
Source: Microsoft Security Response Center