Microsoft officials said on Monday that they had located hackers working for the Russian government using printers, video decoders, and other IoT-related devices as a means to break into specific computer networks. Researchers at the Redmond giant discovered the attacks in April when a VoIP phone, office printer and video decoder at various customer sites communicated with servers belonging to “Strontium”, a group of Russian government hackers known as “Fancy Bear” or “APT28”.
“These devices have become entry points where attackers have established a presence on the network and have continued to look for more ways to access,” Microsoft Threat Intelligence Center officials said in a statement. “After the hacker successfully established network access, a simple network scan allowed him to search for and discover other insecure devices and move around the network for more privileged accounts and to grant access to higher-value data.”
Last year, the FBI concluded that the hacking group was behind the infection of more than 500,000 routers in 54 countries. Nicknamed “VPNFilter”, the malware was described as a Swiss Army knife for hacking. Advanced features included the ability to monitor, log, or modify traffic that passes between network terminals, sites, or industrial control systems using the Modbus serial communication protocol. The FBI, with the help of Cisco’s Talos security group, neutralized VPNFilter.
Microsoft has notified device manufacturers that they might consider adding new protections. Monday’s report also provided IP addresses and scripts that organizations can use to detect if they were also targeted or infected. In addition, the report reminded people that despite Strontium’s above-average hacking skills, an IoT device is usually all it takes to gain access to a segmented network. That is, others may try to do this.
“While a great part of the business centers around equipment embed dangers, we can see from this model adversaries are glad to investigate easier design and security issues to accomplish their objectives,” the report noted. “These simple attacks taking advantage of poor device management tend to expand as more IoT devices are deployed in enterprise environments.”
IoT devices are no longer a niche market. The tendency to have all our devices interconnected, together with the cheaper manufacturing of these technologies, is driving their adoption enormously. In addition, it is expected that in the near future this will go further with the implementation of the IPv6 address space and the deployment of 5G technologies in mobile networks.
They emerged from the convergence of microelectronic systems, wireless and internet services, which resulted in a large network of everyday objects capable of communicating with each other without the need for human intervention. Examples range from a refrigerator that can inform us remotely if it is losing cold, to a biochip implanted in our body that notifies us about blood glucose level or heart rate, to the very fashionable wearables that measure our daily physical activity.
The relevance of IoT technologies, as well as the advantages they offer in our daily lives, is a reality. However, they also have several drawbacks to consider. The information handled by these devices is increasingly sensitive or relevant, so keeping them safe is vitally important.
The growth of these devices also means an increase in the number of new vulnerabilities that affect them.
Carrying out a correct security policy is a complicated task due to ignorance. This affects consumers, but developers and manufacturers even more. Here at Appstudio, we always try to increase awareness among users and consumers and strive hard to make manufacturers and developers think about security as the most important aspect.
The great challenge of the next decade will be IoT security because it is estimated that by 2020, 38.5 billion devices will be connected to the network.
“In North America, a cyber-attack is reported every 20 seconds,” said Shawn Kimbuli, director of the Global Research and Analysis Team at Kaspersky Lab.
Viruses, phishing, theft or loss of data are the most common; they are aimed at companies, individuals, government organizations or corporations.
Uber, for example, had to pay hackers US$100,000 to recover 57 million data records belonging to drivers and users.
In 2015, the Grabit spying campaign was discovered. Business computers were infected and the information on their hard drives was stolen. “A chemical company whose name was not disclosed suffered patent theft through this system,” an expert told a national newspaper.
It is not enough to establish protocols; IoT security must build trust and integrate habits to prevent and mitigate risks.
Top 10 vulnerabilities in IoT 2019
Next, we will detail each of the vulnerabilities included in last year’s list:
Use of weak or embedded passwords
Passwords that can be easily obtained through a brute force attack, that are by default the same for all devices, or that are even public on the Internet are a vulnerability deeply rooted in IoT technologies, inherited from control systems. This is one of the most serious vulnerabilities in the IoT scope, since it has already been exploited on previous occasions to carry out distributed denial of service attacks using a botnet formed by IoT devices that had a default password. The solution to this vulnerability is quite simple: use passwords that are unique to each device and associated with an account or an active directory service, so that the password is not embedded in the device.
Unsafe network services
Unnecessary or insecure network services that run in the background on devices and are exposed to the Internet should be avoided. Successful exploitation of the vulnerabilities that may exist in such services could compromise the confidentiality, integrity or availability of the data stored on the device, or even allow remote access to it. The solution is to disable the services that are not necessary.
Insecure interfaces in the IoT ecosystem
Tools external to the devices, such as web interfaces, backend APIs or cloud services, can be configured in an insecure way, which would compromise the devices and other components that are managed through them. Applying access control to these interfaces, filtering the inputs and outputs of the services, and securing communications with encryption are the most effective measures to alleviate the problem.
Lack of secure update mechanisms
This section includes the lack of validation mechanisms for firmware versions on devices, insecure transmission media, the lack of mechanisms to prevent a return to previous, and therefore more insecure, versions, and the lack of notification about the security changes included in each update. In these cases, it is always recommended that the device being updated check the integrity of the firmware, as well as its origin, before installing it, so that modified versions of the firmware cannot be installed.
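The checks recommended above (origin, integrity, no return to an older version) can be sketched as follows. This is an added example, not code from the original article or from any vendor; the package layout, field names and `VENDOR_KEY` are hypothetical, and HMAC-SHA256 stands in for the vendor's asymmetric signature so that the sketch needs only the standard library.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: a real device would hold a vendor *public* key
# and verify an asymmetric signature; HMAC-SHA256 stands in here to stay stdlib-only.
VENDOR_KEY = b"constructed-demo-key"


def sign_manifest(manifest: dict, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: authenticate the canonical JSON form of the manifest."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def make_update(image: bytes, version: int, notes: str) -> dict:
    """Vendor side: build a hypothetical update package (manifest + tag + image)."""
    manifest = {
        "version": version,
        "sha256": hashlib.sha256(image).hexdigest(),
        "security_notes": notes,  # tells the operator what the update changes
    }
    return {"manifest": manifest, "tag": sign_manifest(manifest), "image": image}


def verify_update(update: dict, installed_version: int, key: bytes = VENDOR_KEY) -> str:
    """Device side: return "ok" or the reason the update is rejected."""
    manifest = update["manifest"]
    # 1. Origin: the manifest must carry a valid tag (constant-time compare).
    if not hmac.compare_digest(sign_manifest(manifest, key), update["tag"]):
        return "reject: manifest not authenticated"
    # 2. Integrity: the image must match the digest in the authenticated manifest.
    digest = hashlib.sha256(update["image"]).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return "reject: image digest mismatch"
    # 3. Anti-rollback: only strictly newer versions may be installed.
    if manifest["version"] <= installed_version:
        return "reject: rollback to version %d" % manifest["version"]
    return "ok"


if __name__ == "__main__":
    good = make_update(b"firmware v7 image (constructed)", 7, "fixes default password")
    tampered = dict(good, image=good["image"] + b"\x00modified")
    forged = dict(good, manifest=dict(good["manifest"], version=9))
    old = make_update(b"firmware v3 image (constructed)", 3, "initial release")
    for name, upd in [("good", good), ("tampered", tampered), ("forged", forged), ("old", old)]:
        print(name, "->", verify_update(upd, installed_version=5))
```

The order of the checks matters: the version and digest are trusted only after the manifest itself has been authenticated, so an edited version number is caught at step 1 rather than passing the rollback check.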
Use of insecure or outdated components
The use of insecure or obsolete software and hardware components may compromise the device. Most devices use third-party components and libraries, custom operating systems, and hardware components from different manufacturers. Therefore, it is important to ensure that these libraries are not obsolete and do not belong to a version with known vulnerabilities, and that the hardware components do not come from a manufacturing process that has been compromised. See, as an example, the problems Intel has been having lately with the different vulnerabilities in its processors, such as Meltdown, Spectre or SPOILER.
Insufficient privacy protection
The way in which user data stored on IoT devices and in their ecosystem is currently handled is insecure and improper, and it is usually done without requesting permission. A possible solution to this problem is to establish a policy for the handling of user data so that only what is strictly necessary can be accessed, always informing the client about what part of their information is accessed for each service.
Lack of security in storage and data transfer
It is necessary to use encryption algorithms when handling sensitive data. Access control must also be maintained within the IoT ecosystem, for example in communications between the web interface of a home automation system and the devices that compose it.
Inadequate device management
It is necessary to apply security controls to devices in production, including, among others, asset management and updates, system monitoring, decommissioning policies and secure deletion of the devices.
Default insecure settings
The default settings of the devices are usually insecure. Therefore, it is advisable to establish configurations focused on protecting the system, applying strict connection-filtering policies and permission management.
Lack of physical security
This includes the lack of controls on physical access to the device, since if an attacker obtains this access, the security measures implemented are useless. To avoid this, you must restrict physical access to the devices to authorized persons and implement additional security measures, such as security cameras or security guards.
How can we help?
Here at AppStudio, we maintain a list of top developers in different areas of the region to help our readers choose among the best. Additionally, our writers constantly write blog posts aimed at raising awareness and educating the public about information technology, gadgets, their uses, and risks. Still, we always appreciate and encourage readers to contact us with any query and to always make informed decisions.