Microsoft made news recently at the annual Black Hat conference in Las Vegas, generating a lot of buzz about its discovery of a malicious Russian hacker group using common Internet of Things (IoT) devices to carry out widespread attacks on corporate networks.
Microsoft says hackers compromised several kinds of Internet-connected devices — including a voice-over-IP phone, a Wi-Fi office printer, and a video decoder — to gain access into enterprise networks. The attacks, according to Microsoft, were carried out by a group called Strontium — also known as Fancy Bear or APT28 — which has links to GRU, Russia's military intelligence agency.
There will be more than 14 billion IoT devices in use in homes and businesses by 2020, according to Gartner. Given Microsoft's news, now is the time to review security risks in firmware, the specific class of software that provides the low-level control for the hardware of an IoT device. Widely recognized as a pressing cybersecurity issue, firmware is a commonly unprotected attack surface that hackers use to get a foothold in a network. An unsecured IoT device is essentially an unlocked front door, which means that once attackers take over an IoT device, they can move laterally into a corporate network.
Hackers actively exploit weaknesses in IoT security not to attack the devices themselves, but as a jumping off point for all kinds of malicious behavior, which could include distributed denial-of-service attacks, malware distribution, spamming and phishing, click fraud, and credit card theft, among others. So, before a device breach leads to revenue loss, a lawsui ..
Support the originator by clicking the read the rest link below.
