
Microsoft observes Russian hackers actively attacking businesses through IoT devices

The group known as Fancy Bear has played a role in some of the biggest hacks of recent years


Microsoft has said a high-profile Russian state-sponsored hacking group is actively attacking businesses through internet of things (IoT) devices.

The Redmond-based tech giant attributed the observed attacks to a group called STRONTIUM, also known as APT28 or Fancy Bear - the same group behind the cyber attack on the 2018 Winter Olympics in Pyeongchang.

Three separate IoT devices were used in the observed attacks - a VoIP phone, an office printer and a video decoder - and they acted as entry points for the attackers to establish a foothold on the victims' networks.

Affected businesses spanned "multiple customer locations", according to Microsoft. After establishing the initial foothold, "a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data".

The IoT devices were compromised through weaknesses the customers could easily have prevented - examples of poor security practices that have been widely condemned by the industry.

In two cases, Microsoft notes, the IoT devices' default passwords had not been changed, which made for easy access for hackers with basic knowledge of the device. Changing IoT device default passwords is standard industry practice, but all too often the simple security procedure is overlooked.

In another instance, a victim organisation hadn't kept the device's firmware up to date, which meant the attackers could exploit vulnerabilities that were probably patched in the device's latest update.

"While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives," said Microsoft. "These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments."

These two security errors highlight common industry malpractice regarding IoT devices - issues that could be easily prevented if the customer made security a priority. But James Slaby, director of cyber protection at Acronis, noted that the blame shouldn't always fall on the customer.

"IoT devices both for industrial and consumer applications have already demonstrated very little focus on cybersecurity," he said. "The reasons are simple: device manufacturers are financially incented by their investors to get their products to market as cheaply and as quickly as possible.

"Little thought is being given to architecting security into their products, and many devices are not capable of receiving patches or other updates to close vulnerabilities once they have been publicly identified," Slaby added. "They bear none of the costs of cyberattacks, so have little reason to spend on improving device security."

The Fancy Bear group has pulled off other high-profile hacks in years gone by, including a role in the 2016 hacking of the American presidential election.

In September 2018 Fancy Bear was accused of using rootkit malware to hack and assume control of government systems. It also exposed a document in 2017 showing which professional footballers were cleared to use banned medicines during the 2010 World Cup.
