Microsoft Say The IoT Is Under Attack

Uploaded on 2019-08-14 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Internet of Things

Microsoft’s recent IoT Signals Report explains that several of their sources believe that within a year around 50 billion IoT devices will be set-up worldwide. These IoT devices are focused and can connect to a network and many are simply connected to the Internet without security or monitoring. 
 
But these items should be secured, maintained and watched by security teams, especially in large organisations, however in many instances this is not being done and the IT operators are often unaware that they are on the network. 
 
Now one of Russia's elite state-sponsored hacking groups is going after IoT devices as a way to breach corporate networks, from where they can focus on the target. Attacks have been observed in the wild said the Microsoft Threat Intelligence Center, one of the OS maker's cyber-security divisions.
 
The OS maker attributed the attacks to a group it calls Strontium, but is also commonly known as APT28 or Fancy Bear.
This group has been previously involved in the DNC hack of 2016, and which, according to an indictment filed in 2018 by US officials, has been identified as Unit 26165 and Unit 74455 of the Russian military intelligence agency GRU
 
In April Microsoft Saw IoT items being Attacked
Microsoft said that in April this year, its staff spotted Strontium attempting "to compromise popular IoT devices across multiple customer locations." The hacker group tried to exploit a VOIP phone, an office printer, and a video decoder, Microsoft said.
"The investigation uncovered that an actor had used these devices to gain initial access to corporate networks," the Redmond-based company said. "In two of the cases, the passwords for the devices were deployed without changing the default manufacturer's passwords and in the third instance the latest security update had not been applied to the device."
 
Microsoft said hackers used the compromised IoT devices as an entry point into their targets' internal networks, where they'd scan for other vulnerable systems to expand this initial foothold.
 
Microsoft said it identified and blocked these attacks in their early stages, so its investigators weren't able to determine what Strontium was trying to steal from the compromised networks.
 
Microsoft’s Recommendations for Securing Enterprise IoT
There are additional steps an organisation can take to protect their infrastructure and network from similar activity. Microsoft recommends the following actions to better secure and manage risk associated with IoT devices:-
  • Require approval and cataloging of any IoT devices running in your corporate environment.
  • Develop a custom security policy for each IoT device.
  • Avoid exposing IoT devices directly to the internet or create custom access controls to limit exposure.
  • Use a separate network for IoT devices if feasible.
  • Conduct routine configuration/patch audits against deployed IoT devices.
  • Define policies for isolation of IoT devices, preservation of device data, ability to maintain logs of device traffic, and capture of device images for forensic investigation.
  • Include IoT device configuration weaknesses or IoT-based intrusion scenarios as part of Red Team testing.
  • Monitor IoT device activity for abnormal behavior (e.g. a printer browsing SharePoint sites…).
  • Audit any identities and credentials that have authorized access to IoT devices, users and processes.
  • Centralise asset/configuration/patch management if feasible.
  • If your devices are deployed/managed by a 3rd party, include explicit Terms in your contracts detailing security practices to be followed and Audits that report security status and health of all managed devices.
  • Where possible, define SLA Terms in IoT device vendor contracts that set a mutually acceptable window for investigative response and forensic analysis to any compromise involving their product.
 
 Microsoft Blog:                    ZDNet
 
You Might Also Read: 
 
The IoT Is A Big Headache For Software Developers:
 
 
 
« Russian Agents Are Behind Many Recent Attacks
N. Korea’s Hackers Stole $2b To Fund Its Missile Program »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

enSilo

enSilo

enSilo secures customers data on premise or in the cloud. Regardless of the where the threat comes from, enSilo can protect your data.

DataSunrise

DataSunrise

DataSunrise Data-Centric high-performance security software protects the sensitive data in real-time in cloud or on premises, and helps organizations to stay compliant.

ThreatBook

ThreatBook

ThreatBook is dedicated to providing real-time, accurate and actionable threat intelligence to block, detect and prevent attacks.

Centurion Information Security

Centurion Information Security

Centurion Information Security is a consulting firm based in Singapore that specialises in penetration testing and security assessment services.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

Lightship Security

Lightship Security

Lightship Security is an accredited Common Criteria and FIPS 140-2 IT security testing laboratory that specializes in test conformance automation solutions and IT product security certifications.

TokenEx

TokenEx

TokenEx Cloud Security Platform protects sensitive data to strengthen our clients' security postures while future-proofing their operations.

Digital Intelligence

Digital Intelligence

Digital Intelligence offer a full array of products, forensic and e-discovery consulting services and training.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Endor Labs

Endor Labs

Endor Labs gives developers and security teams the context they need to prioritize open source risk.

ADNET Technologies

ADNET Technologies

ADNET Technologies is a SOC 2, Type II Compliant IT management and cybersecurity firm.

Sensity

Sensity

Sensity is a company that offers an AI-driven solution to detect and verify deepfakes and other forms of identity fraud.

Appranix

Appranix

Appranix delivers Cloud App Resilience with app-centric entire cloud resources backup, restore, and cross-region disaster recovery.

Cyvore Security

Cyvore Security

Cyvore combines cutting-edge AI, machine learning, and behavioral analytics to detect, investigate, and neutralize threats before they compromise your organization.