Russian hackers are exploiting security vulnerabilities in common Internet of Things devices to infiltrate corporate networks, according to Microsoft.
The number of IoT devices online today is greater than the number of personal computers and mobile phones combined, but IoT security is often an afterthought, with 15% of users not changing the default password on their IoT devices. This has left many devices vulnerable to hackers.
In a blog post, the Microsoft Threat Intelligence Center warned that many devices are connected to the internet with “little management or oversight”, and that this can pose a threat to businesses.
It explained that the Russian cyber espionage group Strontium, also known as Fancy Bear, is behind a new attack on corporate networks, which occurred earlier this year. The group is thought to be responsible for several high-profile cyberattacks, including hacking into the emails of Democratic National Committee members, and the NotPetya attacks in 2017. The group has now turned its attention to common IoT devices such as printers and voice over IP phones.
Printers, VoIP phones and beyond: The risks of IoT security
In April, security researchers in the Microsoft Threat Intelligence Center discovered that someone had gained access to corporate networks via a VoIP phone, office printer and a video decoder in multiple locations. The attacker was able to gain access to these devices either because the default password had not been changed, or because their security had not been updated.
Once bad actors had got into the network, they were then able to gain further access through “higher-privileged accounts”.
Microsoft is therefore calling for closer monitoring of IoT devices within a network, especially in organisations that have a “bring your own device” policy. With attackers able to exploit simpler configurations or poor IoT security, both manufacturers and businesses must look at new ways to protect devices.
Michele Mabilia, head of product marketing at Kyocera Document Solutions UK, believes that organisations must ensure that every internet-connected device is adequately protected:
“The attack raised an issue that deserved to be pointed out. With the increasing influence of the cloud, IoT and other digital transformation technologies, businesses tend to focus on the opportunity these technologies represent. Instead, they should be making sure that every cloud-enabled, mobile and smart device – including their IP-connected print device – is protected against both malicious cyberattack and accidental data loss.
“It goes without saying that setting a strong password and making sure you install the latest update for your security tools are the basics of cybersecurity. The best defences for a secure network are composed of multiple barriers.”
He believes that although default settings offer insufficient protection, solutions are available to improve IoT security:
“When it comes to printers, default settings are insufficient to prevent the growing number of threats to data and network security. However, there are solutions that make it quick and easy to identify and address vulnerabilities. They can identify open ports, alert the users of any unusual activity and generate a diagnostic report on demand.
“As the saying goes: ‘better be safe than sorry’, so the earlier vulnerabilities are identified, the more chances you’ll have to mitigate the threats,” he concluded.