Microsoft observes Russian hackers actively attacking businesses through IoT devices

The group known as Fancy Bear has played a role in some of the biggest hacks of recent years


Microsoft has said a high-profile Russian state-sponsored hacking group is actively attacking businesses through internet of things (IoT) devices.

The Redmond-based tech giant attributed the observed attacks to a group called STRONTIUM, also known as APT28 or Fancy Bear - the same group behind the cyber attack on the 2018 Winter Olympics in Pyeongchang.

Three separate IoT devices were used in the spotted attacks: a VoIP phone, an office printer and a video decoder. They acted as entry points for the attackers to establish a foothold on the victims' networks.

Affected businesses spanned "multiple customer locations" according to Microsoft. After establishing the initial foothold, "a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data".
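A defender-side sketch of how the post-foothold network scan described above could be spotted in flow logs. This is an added example, not Microsoft's detection logic; the device inventory, the flow record format, the port and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory of IoT devices (addresses are illustrative).
IOT_DEVICES = {
    "10.0.5.21": "voip-phone",
    "10.0.5.40": "office-printer",
    "10.0.5.77": "video-decoder",
}

def build_sample_flows():
    """Constructed flow records, one per line: 'epoch_seconds src dst dport'."""
    # The decoder touches 30 different internal hosts in 30 seconds.
    lines = [f"{1000 + i} 10.0.5.77 10.0.5.{i + 1} 445" for i in range(30)]
    # The printer and phone only talk to their usual servers.
    lines += [f"{1000 + 20 * i} 10.0.5.40 10.0.1.10 9100" for i in range(5)]
    lines += [f"{1000 + 15 * i} 10.0.5.21 10.0.1.5 5060" for i in range(8)]
    return "\n".join(lines)

def find_scanning_iot(flow_text, inventory, window=60, max_peers=10):
    """Return {src: peak distinct internal (dst, port) targets in any window}
    for inventoried IoT devices whose peak exceeds max_peers."""
    per_src = defaultdict(list)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, src, dst, dport = parts
        try:
            internal = ipaddress.ip_address(dst).is_private
            event = (int(ts), dst, int(dport))
        except ValueError:
            continue
        if src in inventory and internal:
            per_src[src].append(event)

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans < window seconds.
            while events[end][0] - events[start][0] >= window:
                start += 1
            targets = {(d, p) for _, d, p in events[start:end + 1]}
            peak = max(peak, len(targets))
        if peak > max_peers:
            alerts[src] = peak
    return alerts
```

A phone, printer or decoder normally talks to a handful of fixed servers, so a sudden fan-out to many internal hosts from one of them is a strong signal worth alerting on.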

The IoT devices were compromised using easily preventable methods on the customer's part - examples of poor security practices that have been widely condemned by the industry.

In two cases, Microsoft notes, the IoT devices' default passwords had not been changed, which made for easy access for hackers with basic knowledge of the device. Changing IoT device default passwords is standard industry practice, but all too often the simple security procedure is overlooked.

In another instance, a victim organisation hadn't kept the device's firmware up to date, which meant the attackers could exploit vulnerabilities that were probably patched in the device's latest update.

"While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives," said Microsoft. "These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments."

These two security errors highlight common industry malpractice regarding IoT devices, issues that could be easily prevented if the customer made security a priority. But James Slaby, director of cyber protection at Acronis, noted the blame shouldn't always be on the customer.

"IoT devices both for industrial and consumer applications have already demonstrated very little focus on cybersecurity," he said. "The reasons are simple: device manufacturers are financially incented by their investors to get their products to market as cheaply and as quickly as possible.

"Little thought is being given to architecting security into their products, and many devices are not capable of receiving patches or other updates to close vulnerabilities once they have been publicly identified," Slaby added. "They bear none of the costs of cyberattacks, so have little reason to spend on improving device security."

The Fancy Bear group has pulled off other high-profile hacks in years gone by, including playing a role in the 2016 hacking of the American presidential election.

In September 2018 Fancy Bear was accused of using rootkit malware to hack and assume control of government systems. It also exposed a document in 2017 showing which professional footballers were cleared to use banned medicines during the 2010 World Cup.
