IoT attacks are on the rise. Hacker success is made easier thanks to lax security practices.
Cyberattacks on IoT devices surged 300% this year. Over 2.9 billion events were observed by one security provider’s global network of honeypots in the first half of 2019. It was the first time the provider had ever measured billions of attacks over a 6-month period.
While the attacks come from many sources, last month, Microsoft identified a remarkably large and coordinated effort.
Microsoft officials issued a warning about a new group of hackers using IoT devices to infiltrate targeted computer networks. The group is thought to be working for the Russian government. The attacks were first discovered in April when office printers, voice-over-IP phones, and video decoders in several customer locations were found to be communicating with servers belonging to the group, known as Strontium, Fancy Bear, or APT28.
In the attacks, the passwords for the devices were easily guessed because they were still the defaults set at the factory. In addition, one of the devices was found to be running out-of-date firmware with a known security flaw. Microsoft said it’s not clear what the group’s main objective is.
“These devices became points of ingress from which the actor established a presence on the network and continued looking for further access,” officials with the Microsoft Threat Intelligence Center wrote in a post. “Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.”
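The two behaviours Microsoft describes above, an IoT device talking to a server it has no business reaching and a compromised device sweeping the internal network for other insecure hosts, can both be flagged from ordinary flow records. The script below is an added example, not code from the article or from Microsoft; the device inventory, allowlist, internal ranges and flow lines are all constructed assumptions.

```python
"""Flag IoT devices that contact unexpected external hosts or sweep the LAN.
Added example with constructed sample data, not from the article or Microsoft."""
import ipaddress
from collections import defaultdict

# Constructed inventory: IoT devices by IP, as an asset register would list them.
IOT_DEVICES = {
    "10.0.20.11": "office printer",
    "10.0.20.12": "voip phone",
    "10.0.20.13": "video decoder",
}
# Constructed allowlist: the only external host these devices should reach
# (e.g. the vendor's update service). Anything else is worth a look.
ALLOWED_EXTERNAL = {"203.0.113.10"}
# Constructed internal address space (checked explicitly; Python's is_private
# also treats RFC 5737 documentation ranges as private, so we avoid it).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SCAN_THRESHOLD = 5  # distinct internal peers before we call it a sweep

# Constructed flow records, one per line: "src dst dport"
SAMPLE_FLOWS = """\
10.0.20.11 203.0.113.10 443
10.0.20.12 198.51.100.77 443
10.0.20.13 10.0.10.1 445
10.0.20.13 10.0.10.2 445
10.0.20.13 10.0.10.3 445
10.0.20.13 10.0.10.4 445
10.0.20.13 10.0.10.5 445
10.0.20.13 10.0.10.6 22
10.0.30.5 198.51.100.77 443
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def analyze_flows(text):
    """Return a list of (device_ip, finding_kind, detail) tuples."""
    findings = []
    internal_peers = defaultdict(set)
    for line in text.splitlines():
        src, dst, dport = line.split()
        if src not in IOT_DEVICES:
            continue  # only inventoried IoT devices are in scope here
        if is_internal(dst):
            internal_peers[src].add(dst)
        elif dst not in ALLOWED_EXTERNAL:
            findings.append((src, "unexpected-external", f"{dst}:{dport}"))
    for src, peers in internal_peers.items():
        if len(peers) >= SCAN_THRESHOLD:
            findings.append((src, "internal-sweep", f"{len(peers)} hosts"))
    return findings

if __name__ == "__main__":
    for ip, kind, detail in analyze_flows(SAMPLE_FLOWS):
        print(f"{IOT_DEVICES[ip]} ({ip}): {kind} {detail}")
```

The sweep threshold and the allowlist are the tuning knobs; a printer that legitimately talks to one print server will not trip the sweep rule, while a phone reaching a host outside the vendor's range will.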
According to the FBI, the group was responsible for infecting over half a million consumer-grade routers in over 50 countries in the VPNFilter attack last year. The malware gave the group the ability to monitor, log, or modify traffic passing between network endpoints and websites or industrial control systems using the Modbus serial communications protocol. Working in conjunction with Cisco’s Talos security group, the agency was able to neutralize the attack. The group was also responsible for hacking the Democratic National Committee in 2016, the World Anti-Doping Agency and the TV5Monde TV station in France.
Microsoft has notified the manufacturers of the affected IoT devices and hopes they will use the information to make their devices more secure.
Coordinated attacks like this highlight the gaping security holes in some IoT deployments. The fact that many of the compromised devices were still using unchanged default passwords and outdated firmware is a stark message about how lax many organizations are when deploying IoT.