
Microsoft Finds Russian Hackers Attacking Corporate IoT Devices

2019-08-07 by Michelle Dvorak


Microsoft’s Threat Intelligence Center Reports APT28 aka Fancy Bear is Hacking Common IoT Devices to Breach Corporate IT Networks

Microsoft’s Threat Intelligence Center (MSTIC) reported that Russia’s GRU military intelligence service is using poorly secured Internet of Things (IoT) devices as an entry point to compromise corporate IT networks. The breaches are attributed to a Russian state-sponsored hacking group, APT28. The Advanced Persistent Threat group, also known as Fancy Bear or Strontium, is the hacking group responsible for the VPNFilter malware.

The hacking group attempts to compromise and communicate with IoT devices. Three types of insecure devices, voice-over-IP phones, office printers, and video decoder hardware, were successfully hacked at multiple corporate locations. Once access was gained through these low-level devices, APT28 dropped malware that seeks out higher-level access on the network they are connected to.

In the past year, MSTIC sent almost 1400 notifications to companies that were targeted or compromised by Fancy Bear during state-sponsored cyber attacks. Twenty percent of the attacks targeted non-governmental organizations like think tanks and politically affiliated organizations. Eighty percent of Strontium’s attacks targeted governmental organizations, the IT industry, militaries, defense companies, the medical sector, educational institutions, and engineering firms. Strontium even attacked Olympic organizing committees, anti-doping agencies, and the hospitality industry.

The compromised IoT devices are used to breach corporate networks and seek high-value data or access. Once network access is gained through an insecure device, hackers can scan for other insecure devices and sub-networks. The goal of the attacks is most likely access to higher-level corporate networks, corporate emails, privileged admin accounts, or sensitive data.

According to Microsoft, “After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server.”

What are IoT Devices?

The phrase Internet of Things, called IoT for short, refers to any internet-connected device such as printers, smart TVs, connected vehicles, appliances, and lighting systems: devices that make our lives easier or get things done for us. IoT devices are, by design, easy to connect to the internet, which is also what makes them an appealing target for hackers. Many corporate IT admins may not even know which devices have been brought in by employees and connected to their networks.

The Microsoft post cites that there will be an estimated 50 billion IoT devices in the world by the year 2020. Even now, the number of IoT devices online exceeds the number of personal computers and smartphones combined.

Poorly Secured Devices Make It Easy for Hackers

At least two of the cyber attacks were successful because the device owner did not change the manufacturer’s default password after connecting the device to the internet. A third device was not kept updated with the latest security patches.

Some IoT devices communicate basic telemetry back to the manufacturer or have a connection that allows them to receive software updates. Those connections should therefore be maintained and monitored for suspicious activity.

How to Secure IoT Devices

IoT devices are intentionally easy to connect to networks, making them especially vulnerable to hackers. Often, corporate sysadmins are unaware that a device has been connected to their network by an employee. Advanced Persistent Threat groups and other hackers can take advantage of vulnerable electronic devices to gain higher-level access to a corporate network.

  • Require approval to connect all IoT devices to a corporate network
  • Record the presence of all devices
  • Limit exposure to critical networks by isolating IoT device access to the internet
  • Isolate IoT device access to public internet
  • Use a separate corporate network for connected devices
  • Monitor IoT device for abnormal activity or communications
  • Change the manufacturer’s default username and password
  • Maintain all electronic devices (smartphones, laptops, printers, etc.) by keeping them updated with security patches. When possible, allow them to accept security patches automatically
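The checklist above and the MSTIC description of the intrusion (a device on the IoT segment sniffing local subnets, hunting across the network, and talking to an external C2 server) both come down to two controls a defender can actually operationalise: a register of approved devices and a review of what those devices are allowed to talk to. The script below is an added example, not code from the article or from Microsoft. It assumes a dedicated IoT VLAN (10.20.0.0/24) separate from the corporate network (10.10.0.0/16), a hand-maintained inventory, and flow records in the form (source, destination, port); the inventory, allowed destinations, and flows are all constructed sample data.

```python
"""Inventory and traffic review for IoT devices on a corporate network (added example)."""
import ipaddress
from collections import defaultdict

# Constructed network layout: connected devices live on their own segment,
# workstations and servers on a separate corporate range (the "isolate" steps).
IOT_SUBNET = ipaddress.ip_network("10.20.0.0/24")
CORP_SUBNET = ipaddress.ip_network("10.10.0.0/16")
INTERNAL_NETS = (IOT_SUBNET, CORP_SUBNET)

# Constructed register of approved devices (the "record the presence of all devices" step),
# with the two conditions the article says let the attackers in.
INVENTORY = {
    "10.20.0.11": {"name": "voip-phone-lobby", "default_creds_changed": True, "patched": True},
    "10.20.0.12": {"name": "printer-floor2", "default_creds_changed": False, "patched": True},
    "10.20.0.13": {"name": "video-decoder-confA", "default_creds_changed": True, "patched": False},
}

# Constructed destinations an IoT device may legitimately reach:
# the local gateway/DNS and a placeholder vendor update endpoint.
ALLOWED_DESTS = {"10.20.0.1", "203.0.113.10"}

# Distinct peers one device may contact before the behaviour is called scanning (assumed threshold).
SCAN_THRESHOLD = 5

# Constructed flow records: (src, dst, dst_port). 198.51.100.7 stands in for an external C2 host.
FLOWS = [
    ("10.20.0.11", "10.20.0.1", 53),          # DNS lookup: expected
    ("10.20.0.12", "203.0.113.10", 443),      # vendor update check: expected
    ("10.20.0.12", "10.10.5.20", 445),        # printer reaching a corporate file server
    ("10.20.0.12", "198.51.100.7", 8443),     # printer calling out to an unknown external host
    ("10.20.0.99", "10.20.0.14", 22),         # device nobody registered
    ("10.20.0.13", "10.20.0.20", 22),         # decoder walking the segment, one host at a time
    ("10.20.0.13", "10.20.0.21", 22),
    ("10.20.0.13", "10.20.0.22", 22),
    ("10.20.0.13", "10.20.0.23", 22),
    ("10.20.0.13", "10.20.0.24", 22),
]


def audit_inventory(inventory):
    """Flag registered devices still on vendor default credentials or missing patches."""
    findings = []
    for ip, dev in inventory.items():
        if not dev["default_creds_changed"]:
            findings.append((ip, "default credentials unchanged"))
        if not dev["patched"]:
            findings.append((ip, "security patches missing"))
    return findings


def review_flows(flows, inventory):
    """Flag unregistered devices, crossings into the corporate range,
    unapproved external peers, and one device fanning out to many hosts."""
    findings = []
    peers = defaultdict(set)
    for src, dst, port in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in IOT_SUBNET:
            continue  # only traffic originating on the IoT segment is reviewed here
        peers[src].add(dst)
        if src not in inventory:
            findings.append((src, "unregistered device on IoT segment"))
        if dst in ALLOWED_DESTS:
            continue
        if dst_ip in CORP_SUBNET:
            findings.append((src, f"reached corporate host {dst}:{port}"))
        elif not any(dst_ip in net for net in INTERNAL_NETS):
            findings.append((src, f"external connection to {dst}:{port} (possible C2)"))
    for src, dsts in peers.items():
        if len(dsts) >= SCAN_THRESHOLD:
            findings.append((src, f"contacted {len(dsts)} distinct hosts (possible scanning)"))
    # Keep the first occurrence of each finding so a chatty device is reported once per issue.
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    for ip, issue in audit_inventory(INVENTORY) + review_flows(FLOWS, INVENTORY):
        print(f"{ip:12} {INVENTORY.get(ip, {}).get('name', 'UNKNOWN'):22} {issue}")
```

In practice the flow records would come from a firewall or NetFlow export at the boundary of the IoT VLAN rather than a hard-coded list, and the "allowed destinations" set is exactly the egress policy that segment's firewall should enforce; the review then serves to catch what the policy missed or what was never put behind it.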

See more cyber security tips on the Microsoft post about Strontium cyber attacks.


About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.
