Interlopers in Things? IoT devices may be used as backdoors to your network

By Cameron Abbott and Karla Hodgson

This month Microsoft reported that its Threat Intelligence Center discovered that IoT (internet of things) devices – a VOIP phone, a printer and a video decoder – were used to gain access to corporate networks in April.

Microsoft have identified Strontium – also known as Fancy Bear or APT28 – as the culprit, a hacker group associated with the Russian government who appear to be targeting government, IT, military and defence, engineering, medical and education sectors. Strontium has been linked to the hacking of Hillary Clinton’s presidential election campaign and of the email accounts of researchers investigating the missile strike on MH17 and the Skripal poisonings. In the last 12 months alone Microsoft has delivered almost 1,400 notifications to those targeted or compromised by Strontium.

This is just one of a growing population of examples of IoT devices being used to gain unauthorised access to the networks they are connected to. When an actor gains access to a network via an IoT device, they will often sniff out other unsecure devices to provide them with broader access to the network and will target higher-privileged accounts in order to obtain deeper network access.

With more IoT devices than the number of personal computers and mobile phones combined, cybersecurity risk for organisations is escalating, with each IoT device bringing its own bundle of vulnerabilities and weaknesses to the network it is connected to. Even organisations with high risk tolerance will find this unsettling, however recent polling by Deloitte shows that organisations are on the backfoot when it comes to securing IoT devices, with only 18% of respondents feeling “very confident” in their organisations’ ability to secure connected devices.