IoT attacks are on the rise, and lax security practices make it easier for hackers to succeed.
Cyberattacks on IoT devices surged 300% this year. One security provider’s global network of honeypots observed over 2.9 billion events in the first half of 2019. It was the first time the provider had ever measured billions of attacks within a 6-month period.
While attacks originate from many sources, Microsoft identified a remarkably large and coordinated effort in April 2019. Its officials issued a warning about a new group of hackers using IoT devices to infiltrate targeted computer networks. Officials believe the group is working for the Russian government. Experts discovered the attacks when they noticed office printers, voice-over-IP phones, and video decoders in several customer locations communicating with servers belonging to the group, known as Strontium, Fancy Bear, or APT28.
Digging Deeper to Find the Source
Hackers easily guessed passwords that hadn’t been changed from the factory defaults. Another device was still running outdated firmware with a known security flaw.
Microsoft has yet to identify the goal of this attack. It knows that hackers used the devices to establish a presence on the network and continue looking for additional access. Hackers used network scans to find other devices that would grant access to higher-value data.
The FBI holds the group responsible for infecting over half a million consumer-grade routers in over 50 countries in a 2018 VPNFilter attack. The group used the Modbus serial communications protocol to monitor, log, or modify traffic passing between network endpoints/websites or industrial control systems. The FBI worked with Cisco’s Talos security group to neutralize the attack. The group also hacked the Democratic National Committee in 2016, the World Anti-Doping Agency, and the TV5Monde TV station in France.
Microsoft has notified the manufacturers of the affected IoT devices and hopes they will use the information to make their devices more secure.
Coordinated attacks like this highlight the gaping security holes in some IoT deployments. That so many compromised devices used default passwords and outdated firmware suggests that organizations need to up their IoT security game.