Per Microsoft, Russian state backed hackers have been using IoT devices to breach certain networks. The attacks were discovered in April when some common IoT devices (VOIP Phone, Office printer) were found to be communicating with servers associated with “Strontium,” a Russian state backed group better known as Fancy Bear.
The devices were able to be compromised due to default passwords in use, and old firmware being used with know vulnerabilities.
From the article:
“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server”
Microsoft has notified the IoT vendors to address the vulnerable devices.
Securing IoT devices can be a challenge as the device may have a proprietary OS that cannot be managed like Windows 10 IoT. Many IoT devices are configured using the set and forget method, leaving them in a vulnerable state. More education around securing IoT devices is needed prior to purchase.
https://arstechnica.com/information-technology/2019/08/microsoft-catches-russian-state-hackers-using-iot-devices-to-breach-networks/
Leave a Reply
You must be logged in to post a comment.