Microsoft’s Threat Intelligence Centre reported that the Russian hacker group Fancy Bear, also known as the Strontium Group or APT 28, has been trying to penetrate corporate networks by using Internet of Things (IoT) devices such as VoIP phones and printers. The organization is widely suspected to be controlled by the Russian military intelligence agency GRU. The organization has successfully infected more than 500,000 consumer-grade routers in more than 50 different countries.
In April of this year, hackers attempted to target enterprise IoT devices and use these “soft points” to penetrate larger enterprise networks with stricter security measures. One way in is exploiting the default factory settings of IoT devices. The other is exploiting outdated firmware in IoT devices that contains known vulnerabilities.
IoT risk must be taken seriously. For a preview of the talk @edoerr is giving Thursday, see our guest blog from MSTIC, describing early-stage detection of attacks leveraging common IoT devices. https://t.co/2TIlz1TUly #MSFTatBlackHat
— Security Response (@msftsecresponse) August 5, 2019
Upon conclusion of our investigation, we shared this information with the manufacturers of the specific devices involved and they have used this event to explore new protections in their products.
However, there is a need for broader focus across IoT in general, both from security teams at organisations that need to be more aware of these types of threats, as well as from IoT device makers who need to provide better enterprise support and monitoring capabilities to make it easier for security teams to defend their networks.