Microsoft Say The IoT Is Under Attack

Microsoft’s recent IoT Signals Report explains that several of their sources believe that within a year around 50 billion IoT devices will be set-up worldwide. These IoT devices are focused and can connect to a network and many are simply connected to the Internet without security or monitoring. 
 
But these items should be secured, maintained and watched by security teams, especially in large organisations, however in many instances this is not being done and the IT operators are often unaware that they are on the network. 
 
Now one of Russia's elite state-sponsored hacking groups is going after IoT devices as a way to breach corporate networks, from where they can focus on the target. Attacks have been observed in the wild said the Microsoft Threat Intelligence Center, one of the OS maker's cyber-security divisions.
 
The OS maker attributed the attacks to a group it calls Strontium, but is also commonly known as APT28 or Fancy Bear.
This group has been previously involved in the DNC hack of 2016, and which, according to an indictment filed in 2018 by US officials, has been identified as Unit 26165 and Unit 74455 of the Russian military intelligence agency GRU
 
In April Microsoft Saw IoT items being Attacked
Microsoft said that in April this year, its staff spotted Strontium attempting "to compromise popular IoT devices across multiple customer locations." The hacker group tried to exploit a VOIP phone, an office printer, and a video decoder, Microsoft said.
"The investigation uncovered that an actor had used these devices to gain initial access to corporate networks," the Redmond-based company said. "In two of the cases, the passwords for the devices were deployed without changing the default manufacturer's passwords and in the third instance the latest security update had not been applied to the device."
 
Microsoft said hackers used the compromised IoT devices as an entry point into their targets' internal networks, where they'd scan for other vulnerable systems to expand this initial foothold.
 
Microsoft said it identified and blocked these attacks in their early stages, so its investigators weren't able to determine what Strontium was trying to steal from the compromised networks.
 
Microsoft’s Recommendations for Securing Enterprise IoT
There are additional steps an organisation can take to protect their infrastructure and network from similar activity. Microsoft recommends the following actions to better secure and manage risk associated with IoT devices:-
  • Require approval and cataloging of any IoT devices running in your corporate environment.
  • Develop a custom security policy for each IoT device.
  • Avoid exposing IoT devices directly to the internet or create custom access controls to limit exposure.
  • Use a separate network for IoT devices if feasible.
  • Conduct routine configuration/patch audits against deployed IoT devices.
  • Define policies for isolation of IoT devices, preservation of device data, ability to maintain logs of device traffic, and capture of device images for forensic investigation.
  • Include IoT device configuration weaknesses or IoT-based intrusion scenarios as part of Red Team testing.
  • Monitor IoT device activity for abnormal behavior (e.g. a printer browsing SharePoint sites…).
  • Audit any identities and credentials that have authorized access to IoT devices, users and processes.
  • Centralise asset/configuration/patch management if feasible.
  • If your devices are deployed/managed by a 3rd party, include explicit Terms in your contracts detailing security practices to be followed and Audits that report security status and health of all managed devices.
  • Where possible, define SLA Terms in IoT device vendor contracts that set a mutually acceptable window for investigative response and forensic analysis to any compromise involving their product.
 
 Microsoft Blog:                    ZDNet
 
You Might Also Read: 
 
The IoT Is A Big Headache For Software Developers:
 
 
 
« Russian Agents Are Behind Many Recent Attacks
N. Korea’s Hackers Stole $2b To Fund Its Missile Program »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Qualys

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

Engineering Group

Engineering Group

Engineering is the Digital Transformation Company, a leader in Italy and with over 80 offices across Europe, the United States, and South America.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

Golden Frog

Golden Frog

Golden Frog is a Virtual Private Network services provider offering secure encrypted access to the internet.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

ThirdWatch

ThirdWatch

ThirdWatch is a Data Science company with real-time automated fraud prevention solutions.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

Guidehouse

Guidehouse

Guidehouse is a leading global provider of consulting services to the public and commercial markets with broad capabilities in management, technology, and risk consulting.

SECUINFRA

SECUINFRA

SECUINFRA has been supporting companies in detecting, analyzing and defending against cyber attacks since 2010.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.