Microsoft Warns that Cyber Spies may be Targeting IoT

Microsoft has issued a warning that cyberspies (some of them state-sponsored) may be breaking into enterprise networks through IoT devices that administrators either overlook or do not know are on their systems. With the sheer number of devices seeking to connect to an enterprise IoT network, it is expected that some will slip through the cracks. Keeping those devices secure through regular security and firmware updates can be a tedious task, but leaving them in the state they were in when first connected could prove costly in the long run.

Outdated firmware and default passwords create an easy gateway that malicious users looking to gain access to an enterprise network can exploit. As more and more devices enter the system, they create a broad front for a potential attack that enterprises need to be aware of and deal with appropriately. Many IoT devices don’t broadcast their presence on a network; they only connect to it to obtain firmware or software updates and to send necessary telemetry information back to their vendor’s servers. These silent IoT backdoors are the ones that introduce vulnerability into an enterprise system.
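The two problems just described, devices nobody has inventoried and devices still running factory defaults, are both visible from data most enterprises already collect. The script below is an added example written for this page, not code from Microsoft or from the article; it reads constructed outbound-flow log lines and a constructed asset-inventory export, lists hosts that send traffic but have no inventory record (the "silent" devices that only call home for updates or telemetry), and flags inventory entries that still carry default credentials or sit below a hypothetical firmware baseline. The log format, the inventory fields and the baseline version are all assumptions made for the example.

```python
"""Added example: spot unmanaged IoT hosts from outbound flow logs and flag
inventory entries still on default credentials or old firmware.
All data below is constructed for illustration."""

from collections import defaultdict

# Constructed outbound-flow log lines, one per line, as a firewall or
# NetFlow collector might export them (space-separated key=value pairs).
FLOW_LOG = """\
src=10.0.5.21 dst=update.example-vendor.test bytes=5120
src=10.0.5.21 dst=update.example-vendor.test bytes=4870
src=10.0.5.33 dst=telemetry.example-vendor.test bytes=900
src=10.0.5.33 dst=telemetry.example-vendor.test bytes=880
src=10.0.7.10 dst=mail.example-corp.test bytes=220000
src=10.0.7.10 dst=www.example-corp.test bytes=190000
"""

# Constructed inventory export (hypothetical asset-management fields).
# Note that 10.0.5.33 is absent: it is on the wire but nobody owns it.
INVENTORY = [
    {"ip": "10.0.5.21", "name": "printer-3f", "firmware": "2.1.0",
     "default_credentials": True},
    {"ip": "10.0.7.10", "name": "workstation-42", "firmware": "n/a",
     "default_credentials": False},
]

# Hypothetical minimum firmware version per device name.
FIRMWARE_BASELINE = {"printer-3f": "2.3.0"}


def parse_flows(text):
    """Return {src_ip: {dst_host: total_bytes}} from key=value flow lines."""
    flows = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        flows[fields["src"]][fields["dst"]] += int(fields["bytes"])
    return flows


def version_tuple(version):
    """Turn '2.1.0' into (2, 1, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def unmanaged_hosts(flows, inventory):
    """Source IPs that send traffic but have no inventory record at all."""
    known = {device["ip"] for device in inventory}
    return sorted(ip for ip in flows if ip not in known)


def risky_inventory(inventory, baseline):
    """Inventory entries still on default credentials or below the firmware baseline."""
    findings = []
    for device in inventory:
        reasons = []
        if device["default_credentials"]:
            reasons.append("default credentials")
        minimum = baseline.get(device["name"])
        # Only devices with a known baseline get a firmware comparison.
        if minimum and version_tuple(device["firmware"]) < version_tuple(minimum):
            reasons.append(f"firmware {device['firmware']} < baseline {minimum}")
        if reasons:
            findings.append((device["ip"], reasons))
    return findings


def report(flow_text=FLOW_LOG, inventory=INVENTORY, baseline=FIRMWARE_BASELINE):
    """Combine both checks into one dictionary a defender can act on."""
    flows = parse_flows(flow_text)
    return {
        "unmanaged": {ip: dict(flows[ip]) for ip in unmanaged_hosts(flows, inventory)},
        "risky": risky_inventory(inventory, baseline),
    }


if __name__ == "__main__":
    result = report()
    for ip, destinations in result["unmanaged"].items():
        print(f"unmanaged host {ip} talks only to: {', '.join(destinations)}")
    for ip, reasons in result["risky"]:
        print(f"{ip}: {'; '.join(reasons)}")
```

On the constructed data the report names 10.0.5.33 as an unmanaged host whose only traffic is to a vendor telemetry endpoint, and flags the printer at 10.0.5.21 for both default credentials and out-of-date firmware; in practice the same logic runs over real flow exports and a real CMDB extract, and the hosts it surfaces are the ones to enrol in the update and credential-rotation process.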

Relatively Easy to Gain Access

In April, Microsoft security researchers observed the malicious Russian group STRONTIUM (also known as APT28 or Fancy Bear) making inroads into IoT devices across several locations worldwide. Following the hackers’ trail, Microsoft noted that they gained access through devices that had retained the manufacturer’s default passwords when they were deployed. From there, the group gained access to more and more tools across the IoT network, continually moving upwards in the hierarchy and reaching more critical information as they went.

Microsoft estimates that over the last year, over 1400 nation-state notifications have gone out to organizations that have been targeted by STRONTIUM. One-fifth of those attacks were directed at non-governmental organizations, think-tanks, and other politically affiliated groups worldwide. The remaining eighty percent focused on IT, government, defense, military, and other entities around the globe.