Microsoft Say The IoT Is Under Attack

Microsoft’s recent IoT Signals Report explains that several of their sources believe that within a year around 50 billion IoT devices will be set-up worldwide. These IoT devices are focused and can connect to a network and many are simply connected to the Internet without security or monitoring. 
 
But these items should be secured, maintained and watched by security teams, especially in large organisations, however in many instances this is not being done and the IT operators are often unaware that they are on the network. 
 
Now one of Russia's elite state-sponsored hacking groups is going after IoT devices as a way to breach corporate networks, from where they can focus on the target. Attacks have been observed in the wild said the Microsoft Threat Intelligence Center, one of the OS maker's cyber-security divisions.
 
The OS maker attributed the attacks to a group it calls Strontium, but is also commonly known as APT28 or Fancy Bear.
This group has been previously involved in the DNC hack of 2016, and which, according to an indictment filed in 2018 by US officials, has been identified as Unit 26165 and Unit 74455 of the Russian military intelligence agency GRU
 
In April Microsoft Saw IoT items being Attacked
Microsoft said that in April this year, its staff spotted Strontium attempting "to compromise popular IoT devices across multiple customer locations." The hacker group tried to exploit a VOIP phone, an office printer, and a video decoder, Microsoft said.
"The investigation uncovered that an actor had used these devices to gain initial access to corporate networks," the Redmond-based company said. "In two of the cases, the passwords for the devices were deployed without changing the default manufacturer's passwords and in the third instance the latest security update had not been applied to the device."
 
Microsoft said hackers used the compromised IoT devices as an entry point into their targets' internal networks, where they'd scan for other vulnerable systems to expand this initial foothold.
 
Microsoft said it identified and blocked these attacks in their early stages, so its investigators weren't able to determine what Strontium was trying to steal from the compromised networks.
 
Microsoft’s Recommendations for Securing Enterprise IoT
There are additional steps an organisation can take to protect their infrastructure and network from similar activity. Microsoft recommends the following actions to better secure and manage risk associated with IoT devices:-
  • Require approval and cataloging of any IoT devices running in your corporate environment.
  • Develop a custom security policy for each IoT device.
  • Avoid exposing IoT devices directly to the internet or create custom access controls to limit exposure.
  • Use a separate network for IoT devices if feasible.
  • Conduct routine configuration/patch audits against deployed IoT devices.
  • Define policies for isolation of IoT devices, preservation of device data, ability to maintain logs of device traffic, and capture of device images for forensic investigation.
  • Include IoT device configuration weaknesses or IoT-based intrusion scenarios as part of Red Team testing.
  • Monitor IoT device activity for abnormal behavior (e.g. a printer browsing SharePoint sites…).
  • Audit any identities and credentials that have authorized access to IoT devices, users and processes.
  • Centralise asset/configuration/patch management if feasible.
  • If your devices are deployed/managed by a 3rd party, include explicit Terms in your contracts detailing security practices to be followed and Audits that report security status and health of all managed devices.
  • Where possible, define SLA Terms in IoT device vendor contracts that set a mutually acceptable window for investigative response and forensic analysis to any compromise involving their product.
 
 Microsoft Blog:                    ZDNet
 
You Might Also Read: 
 
The IoT Is A Big Headache For Software Developers:
 
 
 
« Russian Agents Are Behind Many Recent Attacks
N. Korea’s Hackers Stole $2b To Fund Its Missile Program »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

Galois

Galois

Galois specializes in the research and development of new technologies that solve the most difficult problems in computer science.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

Achtwerk

Achtwerk

Achtwerk manufacture the security appliance IRMA for critical infrastructures and networked automation in production plants.

Sopher Networks

Sopher Networks

Sopher is a secure communication and collaboration platform for business and personal use.

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

Fairfirst Insurance

Fairfirst Insurance

Fairfirst Cyber Insurance protects your business assets against the complexity of cyber threats.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance Solutions

Resilience Cyber Insurance combines insurance expertise with cybersecurity and data talent to deliver clear, effective solutions to protect you for the cyberrisks of today—and tomorrow.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

Wisetek

Wisetek

Wisetek is a global provider of end-to-end IT Asset Disposition (ITAD), reuse and secure data destruction management services to the world’s leading IT Corporations, data centres and manufacturers.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

ABM Technology Group

ABM Technology Group

ABM Technology Group (formerly True IT) provide business information technology services, solutions, and consulting for small to mid-sized organizations.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

SentryMark

SentryMark

Stay a Step Ahead of Emerging Threats. Deviate from the traditional siloed defenses and get the proactive and responsive cybersecurity solutions and services you deserve with SentryMark today.