Security researchers at the Microsoft Threat Intelligence Center have found a new cyber-threat against popular IoT devices—a VOIP phone, an office printer, and a video recorder. The cybercriminals are using these devices to gain initial access to corporate networks.
Microsoft attributes the attacks on these IoT devices to an activity group it refers to as STRONTIUM.
The internet of things (IoT) is one of the hottest technologies today: it connects everyday objects to the internet to make them "smart".
Gartner predicted that there will be more than 20 billion IoT devices by 2020. Further, a recent Microsoft study suggests that over 85% of enterprises are already in the phase of IoT adoption.
While IoT devices are making things easier for consumers, such devices still need to be maintained and monitored by security teams.
Microsoft researchers say that the new attack against IoT devices is targeting multiple customer locations. In a couple of cases, the devices were deployed without changing the default passwords set by the manufacturer; in another case, the device was not running the latest security update.
The attackers used these devices as points of ingress, took over the network, and then attempted to gain further access. Once on the network, they could find other vulnerable devices on it with a simple scan.
“They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server,” explained the Microsoft Threat Intelligence Center team in a blog post.
In the past year, the tech giant has notified around 1,400 entities that were targeted by the STRONTIUM group. 20% of these attacks were against non-governmental or politically affiliated organizations; the remaining 80% targeted organizations in government, IT, military, defence, medicine, education, and engineering.
Microsoft says it is sharing this information to raise awareness of the STRONTIUM attacks across the industry, and is calling for better enterprise integration of IoT devices.
Apart from warning about these risks, the Microsoft team also shared some best practices that enterprises should follow to protect their infrastructure and network from such activity.
Enterprises should enable approval policies for the IoT devices running in the corporate environment, develop a custom security policy for every IoT device, avoid exposing these devices directly to the internet, and more.
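The three behaviours the report describes (an unapproved device on the network, a device scanning other internal hosts, and a device talking to an external C2 address) can be checked against flow logs with a small amount of logic. The following is an added illustration, not Microsoft's tooling: the device inventory, the flow records, the internal address ranges and the scan threshold are all constructed for this example.

```python
from collections import defaultdict
import ipaddress

# Assumed internal address ranges for this environment; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed IoT inventory implementing an approval policy: each known device is approved or not.
INVENTORY = {
    "10.0.1.20": {"name": "voip-phone-01", "approved": True},
    "10.0.1.30": {"name": "printer-02", "approved": True},
    "10.0.1.40": {"name": "video-recorder-01", "approved": False},  # never went through approval
}

# Constructed flow records, one per line: "<src> <dst> <dport>", as a firewall or NetFlow export might give.
SAMPLE_FLOWS = """\
10.0.1.20 10.0.0.5 5060
10.0.1.30 10.0.0.5 631
10.0.1.30 10.0.2.1 22
10.0.1.30 10.0.2.2 22
10.0.1.30 10.0.2.3 22
10.0.1.30 10.0.2.4 22
10.0.1.30 203.0.113.7 443
10.0.1.40 10.0.0.5 80
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into (src, dst, dport) tuples."""
    return [(p[0], p[1], int(p[2])) for p in (l.split() for l in text.splitlines()) if len(p) == 3]

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)

def analyze(flows, inventory, scan_threshold=5):
    """Return {device_ip: [findings]} for unapproved devices, internal scanning, or external egress."""
    findings = defaultdict(set)
    internal_targets = defaultdict(set)
    for src, dst, _dport in flows:
        if src not in inventory:
            continue  # not an inventoried IoT device; out of scope for this check
        if not inventory[src]["approved"]:
            findings[src].add("unapproved_device")
        if is_internal(dst):
            internal_targets[src].add(dst)  # count distinct internal hosts contacted
        else:
            findings[src].add("external_egress")  # IoT devices should not reach the internet directly
    for src, targets in internal_targets.items():
        if len(targets) >= scan_threshold:
            findings[src].add("internal_scan")
    return {src: sorted(f) for src, f in findings.items()}
```

Running `analyze(parse_flows(SAMPLE_FLOWS), INVENTORY)` flags the printer for both scanning and external egress and the video recorder for being unapproved, while the approved phone talking only to its internal call server produces nothing.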