Real warfare and cyber warfare are merging closer together – just look at the role vulnerable IoT devices are playing in the war between Russia and Ukraine. Since the conflict began there have been multiple reports of each side trying to gain an advantage by targeting both critical infrastructure and general-purpose IoT devices with attacks leveraging unremediated cyber vulnerabilities. By compromising these devices an opponent can gain important data and video, manipulate or alter that data and video, and be positioned on a network to spread malware or impact the organization more broadly. And with IoT systems in particular, compromising them is also a path to causing physical damage and harm.
Roughly a year ago this blog commented on how the hacktivist group Anonymous had declared war on Russia, and one of its tools of choice was hacking the cameras in the Kremlin to gain a foothold, as well as being able to use the cameras for observation and intelligence gathering. Further hacking of systems by Ukraine led to their ability to distribute their own videos to all parts of Russia. Since then both sides have escalated their focus on exploiting vulnerable IoT devices, specifically cameras. Here are some of the examples from the past few months:
- As reported in late January, Russia has been hacking camera systems inside residential complexes in Ukraine in order to surveil movement of people and traffic on the streets.
- Reported this month (April 2023), Russia has also been hacking into cameras in coffee shops, both because they can show street traffic and because they are not well maintained for cyber hygiene.
- In November 2022 Mandiant analyzed Russian cyber attack patterns and determined that Russia had shifted its focus to edge devices (routers, cameras, firewalls, etc.) as they are easier to hack into and, perhaps most importantly, are often forgotten in remediation efforts, leaving a foothold for threat actors to leverage in the future.
- Both leading up to the war and during it, hackers on both sides of the conflict have been leveraging botnet armies already planted and waiting to be utilized. Where are these botnet armies housed? Most likely in vulnerable IoT devices, as is the case for more than 80% of the Mirai botnet armies.
What are some of the lessons organizations can learn from these wartime exploits? While there are several, here are the three most important:
- IoT is where malicious hackers are focused: Russia’s shift to “living on the edge” in launching cyber attacks is what threat actors worldwide are doing. Any organization dependent on IoT devices (as many are) should ensure they include IoT devices in their security posture and overall risk assessment.
- The size of organizations doesn’t matter: Coffee shops, apartment complexes, and rural TV stations are examples where even smaller organizations are being exploited because of their lack of IoT device management around firmware patching, password rotations, and certificate deployment. If an organization does not have the internal resources to handle these ongoing maintenance requirements, there are managed services organizations that are ready and able to handle this, just as they do many other parts of an organization’s IT requirements.
- Lack of cyber hygiene is what threat actors count on: being able to establish, manage, and use a botnet army within IoT devices is a reflection of those devices’ lack of ongoing cyber hygiene. Instead of just mitigating bots and the damage from malware being planted, organizations should add a focus on remediation of vulnerabilities to prevent devices from being a “safe haven” for threat actors to operate out of.
You may not think you’re in a hot conflict like Russia and Ukraine are, but if you have IP-connected IoT devices and they are not being consistently maintained for cybersecurity, then you are both a target for malicious cyber criminals and potentially at risk of catastrophic damage. In other words, treat this like a war and ensure your defenses are strong. Viakoo and its partners have worked with organizations of all sizes to ensure that IoT device security is automated and ready to meet the growing focus of threat actors. Getting started is easy; a great starting point is a 30-minute Zoom meeting with one of our IoT security experts.