Microsoft observes Russian hackers actively attacking businesses through IoT devices

The group known as Fancy Bear has played a role in some of the biggest hacks of recent years

Growling Grizzly bear with Russian hat

Microsoft has said a high-profile Russian state-sponsored hacking group is actively attacking businesses through internet of things (IoT) devices.

The Redmond-based tech giant attributed the observed attacks to a group called STRONTIUM, also known as APT28 or Fancy Bear - the same group behind the cyber attack on the 2018 Winter Olympics in Pyeongchang.

Three separate IoT devices were used in the spotted attacks including a VOIP phone, an office printer and video decoder - they acted as entry points for the attackers to establish a foothold on the victims' networks.

Affected businesses spanned "multiple customer locations" according to Microsoft. After establishing the initial foothold, "a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data".

The IoT devices were compromised using easily preventable methods on the customer's part - examples of poor security practices that have been widely condemned by the industry.

In two cases, Microsoft note, the IoT device's default passwords had not been changed which made for easy access for hackers with basic knowledge of the device. Changing IoT device default passwords is standard industry practice but all too often the simple security procedure is overlooked.

In another instance, a victim organisation hadn't kept the device's firmware up to date which meant the attackers could exploit vulnerabilities that were probably patched in the device's latest update.

"While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives," said Microsoft. "These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments."

These two security errors highlight common industry malpractice regarding IoT devices; issues that could be easily prevented if the customer made security a priority. But James Slaby, director of cyber protection at Acronis, noted the blame shouldn't always be on the customer.

"IoT devices both for industrial and consumer applications have already demonstrated very little focus on cybersecurity," he said. "The reasons are simple: device manufacturers are financially incented by their investors to get their products to market as cheaply and as quickly as possible.

"Little thought is being given to architecting security into their products, and many devices are not capable of receiving patches or other updates to close vulnerabilities once they have been publicly identified," Slaby added. "They bear none of the costs of cyberattacks, so have little reason to spend on improving device security."

The Fancy Bear group has pulled off some other high-profile hacks in years gone by, including a role played in the 2016 hacking of the American presidential election.

In September 2018 Fancy Bear was accused of using rootkit malware to hack and assume control of government systems. It also exposed a document in 2017 showing which professional footballers were cleared to use banned medicines during the 2010 World Cup.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

BEC scammers using Google Forms to identify easy victims
phishing

BEC scammers using Google Forms to identify easy victims

21 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021
Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021