SECURITY SOLUTIONS TODAY, 20 Sep 2019
How Not To Become A Russian Cyberattack Tool

I don’t know with what weapons World War IV will be fought, but World War III will be fought with printers, video decoders, and VoIP phones.

An IoT DDOS Attack Is Not Science Fiction

Breached IoT devices were used to target computer networks in attacks recently brought to light by Microsoft, which attributed them to Strontium (aka Fancy Bear, aka APT28), a Russian state-sponsored hacking group linked to the military intelligence agency GRU.

In April of this year, Microsoft Threat Intelligence Center security researchers discovered that IoT devices of the kinds mentioned above (printers, video decoders, VoIP phones) at multiple locations were communicating with servers owned by Strontium.

Further analysis showed that the Strontium group compromised the popular IoT devices through default manufacturer passwords and a security vulnerability for which the available patch had not been installed. Using the compromised devices, the hackers entered corporate networks and ran a network scan to find more compromised devices on the networks and local subnets. Their ultimate objective is unknown to the researchers.

Microsoft researchers mentioned the fact that there are more IoT devices than PCs and mobile phones combined. “These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments,” wrote the researchers.

IoT Botnets Will Only Increase in Number

IoT vulnerabilities are easily exploited to carry out DDoS attacks because IoT devices are inherently unsafe: most of them ship with default credentials, which users don’t bother changing, or with no credentials at all, and updating their firmware is a messy job, unfit for the ordinary end user.

DDoS attacks, short for distributed denial of service, are one of the most feared kinds of cyberattacks out there. In a DDoS attack, a server is flooded with endless requests until it slows down and eventually crashes. The requests may be sent from an army of zombies: IoT devices that have been breached and infected without their owners’ knowledge.

One of the worst IoT-fueled DDoS attacks shut down large swaths of the web for hours in 2016 by targeting DNS provider Dyn, causing an outage of major internet platforms across North America and Europe.

You may be oblivious to your router having taken part in one of those attacks; to you it would still look like the work of zombies. Recent analysis of thousands of our clients discovered an average of two security problems per ISP router, the router provided by your internet service provider. Common problems include empty WiFi passwords or use of the outdated, less-than-secure WPA wireless security protocol.

That could get you in trouble if someone decides to take action—legal or retaliatory—against attacking machines.

Microsoft’s experts have a slew of suggestions on how corporations can make IoT devices more secure.

Here are the tips adapted for private users:

  • Change the device’s credentials as soon as you get them; change them routinely as long as the device is in use.
  • Avoid exposing IoT devices directly to the internet, or create custom access controls to limit exposure.
  • Use a separate network for IoT devices if possible.
  • Set up a routine of updating software and firmware, patching all vulnerabilities.
  • Monitor IoT device activity for abnormal behavior.
  • Routinely audit any identities and credentials that have authorized access to IoT devices. Are there users that aren’t supposed to be there?
  • If your devices are deployed or managed by a third party, like a service company, require a copy of their security practices and ask for a periodic report on the security status and health of the devices.
  • If there’s anything suspicious going on, disconnect the device from the network, revoke any privileges, and shut it down until it can be inspected by a professional.
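As an added example (not from the article or from Microsoft’s research), here is a small Python check for the two behaviours described above: an IoT device sweeping internal hosts the way the compromised devices scanned local subnets, or talking to an external server it has no business contacting. The subnet layout, the per-device allowlist and the connection log lines are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed (hypothetical) layout: IoT devices live in 10.20.0.0/24, the rest of
# the corporate network is 10.0.0.0/8, and each device has a short list of
# external hosts it is expected to reach (e.g. a vendor update server).
IOT_SUBNET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
EXPECTED_EXTERNAL = {"10.20.0.15": {"198.51.100.7"}}  # constructed allowlist
SCAN_THRESHOLD = 5  # distinct internal hosts one device may touch before we flag it

# Constructed connection records "<timestamp> <src> <dst> <dport>" (not real traffic).
SAMPLE_LOG = [
    "2019-04-02T10:00:01 10.20.0.15 10.20.0.1 53",       # printer -> local DNS: fine
    "2019-04-02T10:00:02 10.20.0.15 198.51.100.7 443",  # printer -> vendor: allowed
    "2019-04-02T10:00:05 10.20.0.33 203.0.113.9 443",   # VoIP phone -> unknown host
] + [f"2019-04-02T10:00:{10 + i:02d} 10.20.0.21 10.0.1.{10 + i} 445" for i in range(8)]
# ...the last eight records are one video decoder probing SMB on eight internal hosts.


def analyse(lines):
    """Return {src: [finding, ...]} for IoT devices whose traffic looks abnormal."""
    internal_targets = defaultdict(set)
    external_targets = defaultdict(set)
    for line in lines:
        _ts, src, dst, _port = line.split()
        if ipaddress.ip_address(src) not in IOT_SUBNET:
            continue  # only judge devices in the IoT segment
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in IOT_SUBNET:
            continue  # talking to its own segment (gateway, DNS) is expected
        if dst_ip in INTERNAL:
            internal_targets[src].add(dst)
        else:
            external_targets[src].add(dst)
    findings = defaultdict(list)
    for src, hosts in internal_targets.items():
        if len(hosts) >= SCAN_THRESHOLD:
            findings[src].append(f"scanning: {len(hosts)} internal hosts")
    for src, hosts in external_targets.items():
        unexpected = hosts - EXPECTED_EXTERNAL.get(src, set())
        if unexpected:
            findings[src].append("unexpected external: " + ", ".join(sorted(unexpected)))
    return dict(findings)


if __name__ == "__main__":
    for src, notes in analyse(SAMPLE_LOG).items():
        print(src, "->", "; ".join(notes))
```

Feed it your own router or firewall connection log in the same four-field shape, and adjust the subnets and allowlist to match your network.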

A connected world can be an easier world to manage, but it gives anyone with the means or desire an easy way to wreak havoc.