In a demonstration project, researchers breached a networked IP camera and gained access to IT and operational technology infrastructure to plant ransomware executables.
Threat actors can use vulnerabilities in internet-of-things devices and IP-connected operational technologies to spread ransomware through an enterprise, new research shows.
In a June 1 report released by Forescout Technologies' Vedere Labs, researchers demonstrated a proof-of-concept for a new type of attack they call ransomware for IoT (R4IoT). The next-generation malware breaches networks via IoT devices and then moves laterally through the IT and OT infrastructure, disrupting critical business operations and exfiltrating data.
In a video demonstration, Forescout’s team breached an IP camera connected to a fictional community hospital and executed a remote command that allowed researchers to take over a Windows machine on the hospital network.
According to the researchers, two IP camera vendors – Hikvision and Axis – account for 77% of those used in enterprise networks, and both vendors have multiple known code execution vulnerabilities. More than half a million IoT devices use the default VLAN 1 configuration, indicating that IoT devices and IT systems are not in segmented networks. “Mixing IP cameras and diagnostic systems – or other business-critical devices – in the same VLAN means that there is a path for an attack to spread from an insecure camera to a critical device,” the report said.
Vedere Labs’ experiment also showed how devices with weak credentials could be easily exploited by malicious actors. Once inside, attackers can escalate privileges, deploy ransomware and cryptocurrency miners on IT systems, and take advantage of poor OT security practices to disrupt business operations.
As IoT devices become more commonplace, other hackable vulnerabilities will be unearthed. Researchers said the main goal of this proof-of-concept was to highlight the evolving nature of ransomware attacks and show the risks regarding OT networks.
The study points to two conclusive future trends: “IoT as an entry point and OT as the target of attacks.” To address these potential threats, Vedere Labs suggested patching vulnerabilities when they are detected, implementing multifactor authentication, network segmentation and more stringent policies for password strength and expiration.
“The most important messages of this report are that IoT and OT exploits are new tools in the attacker’s arsenal but also that to mitigate this type of attack, solutions are required that allow for extensive visibility and enhanced control of all the assets in a network,” the report said.
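The segmentation gap the report describes (IP cameras sharing a VLAN, often the default VLAN 1, with business-critical devices) can be checked against an asset inventory. The sketch below is an added example, not code from Forescout or the report; the inventory rows, category labels and function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory (not data from the report):
# (hostname, device category, VLAN ID)
INVENTORY = [
    ("cam-lobby-01", "ip_camera", 1),
    ("cam-ward-02", "ip_camera", 1),
    ("ws-radiology-01", "workstation", 1),
    ("ct-scanner-01", "diagnostic", 1),
    ("cam-parking-03", "ip_camera", 30),
    ("nvr-01", "video_recorder", 30),
    ("plc-hvac-01", "plc", 40),
    ("ws-admin-07", "workstation", 20),
]

# Assumed category labels; adapt to whatever the asset inventory uses.
IOT_CATEGORIES = {"ip_camera", "video_recorder"}
CRITICAL_CATEGORIES = {"diagnostic", "plc", "workstation"}
DEFAULT_VLAN = 1


def audit_segmentation(inventory):
    """Return findings for VLANs that mix IoT with critical devices,
    and for IoT devices left on the default VLAN."""
    by_vlan = defaultdict(list)
    for host, category, vlan in inventory:
        by_vlan[vlan].append((host, category))

    findings = []
    for vlan in sorted(by_vlan):
        members = by_vlan[vlan]
        iot = sorted(h for h, c in members if c in IOT_CATEGORIES)
        critical = sorted(h for h, c in members if c in CRITICAL_CATEGORIES)
        if iot and critical:
            # A compromised camera here has a layer-2 path to critical hosts.
            findings.append({"vlan": vlan, "issue": "mixed",
                             "iot": iot, "critical": critical})
        if vlan == DEFAULT_VLAN and iot:
            findings.append({"vlan": vlan, "issue": "iot_on_default_vlan",
                             "iot": iot, "critical": []})
    return findings


if __name__ == "__main__":
    for finding in audit_segmentation(INVENTORY):
        print(finding)
```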