An August 5 alert issued by Microsoft’s Security Response Center warns of hacking efforts focused on three classes of internet of things (IoT) devices. Microsoft asserts that the devices are being attacked by the hacking group it identifies as “Strontium,” better known as the Russia-based cyber espionage group Fancy Bear.
Microsoft said its Threat Intelligence Center in April discovered Strontium infrastructure communicating with several external devices and attempting to compromise three popular IoT devices – a VoIP phone, an office printer, and a video decoder.
“The investigation uncovered that an actor had used these devices to gain initial access to corporate networks,” Microsoft said. “In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords and in the third instance the latest security update had not been applied to the device,” it said.
“We are sharing this information to raise awareness of these risks across the industry and calling for better enterprise integration of IoT devices, particularly the ability to monitor IoT device telemetry within enterprise networks,” Microsoft said. It continued, “Today, the number of deployed IoT devices outnumber the population of personal computers and mobile phones, combined. With each networked IoT device having its own separate network stack, it’s quite easy to see the need for better enterprise management, especially in today’s ‘bring your own device’ world.”
“While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives,” Microsoft said. “These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments. Upon conclusion of our investigation, we shared this information with the manufacturers of the specific devices involved and they have used this event to explore new protections in their products. However, there is a need for broader focus across IoT in general, both from security teams at organizations that need to be more aware of these types of threats, as well as from IoT device makers who need to provide better enterprise support and monitoring capabilities to make it easier for security teams to defend their networks,” it said.
The company said that over the past year it has delivered nearly 1,400 nation-state notifications to organizations being targeted or compromised by Strontium. Microsoft said that about 80 percent of Strontium’s attacks have been aimed at the government, IT, military, defense, medicine, education, and engineering sectors. The remainder, it said, have been aimed at non-government institutions, think tanks, and politically affiliated organizations around the world.