Russian hackers exploit IoT devices

According to Microsoft officials, hackers deployed by the Russian government have been using IoT devices such as video decoders and printers to infiltrate certain computer networks.

This was noticed after Fancy Bear servers began communicating with compromised devices on a corporate network.

IoT (Internet of Things) devices have proven to be exceptional technological innovations, but without due protection they can also be the weak point through which hackers reach government agencies and schools.

Microsoft officials’ IoT concerns

According to the Microsoft Threat Intelligence Center, these devices were the access points the hackers used to establish a presence on the network. Once inside, they continued searching for further points of entry.

This was done through a simple network scan, which was enough to detect other insecure devices. As a result, high-privileged accounts were compromised, granting access to considerable data.

Moreover, after the hackers gained access, they sniffed network traffic on various local subnets. They also enumerated administrative groups before exploring further.

Hackers’ prowess in IoT manipulation

The hackers were well practiced: as they moved from one IoT device to the next, they dropped a simple shell script. This was done to establish persistence on the network.

This persistence gave them extended access. Analysis of the network traffic showed that the IoT devices were also communicating with an external command-and-control (C2) server.
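One way to look for the traffic pattern described above, as an added example that is not from Microsoft or the original article: it scans flow records for inventoried IoT devices that contact external hosts outside an allowlist, or that connect to other IoT devices. The addresses, inventory, allowlist and flow-record format are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Everything below is constructed sample data, not taken from the incident.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed site address space
IOT_DEVICES = {"10.20.5.11": "video decoder", "10.20.5.12": "printer"}
# External hosts each device is expected to reach (e.g. a vendor update service).
ALLOWED_EXTERNAL = {"10.20.5.12": {"198.51.100.10"}}

# Flow records in the form: timestamp src dst dst_port bytes
SAMPLE_FLOWS = """\
2024-01-15T10:00:01 10.20.5.12 198.51.100.10 443 5120
2024-01-15T10:00:07 10.20.5.11 10.20.1.5 554 88000
2024-01-15T10:03:00 10.20.5.11 203.0.113.77 443 640
2024-01-15T10:08:00 10.20.5.11 203.0.113.77 443 655
2024-01-15T10:13:00 10.20.5.11 203.0.113.77 443 648
2024-01-15T10:13:30 10.20.9.40 203.0.113.77 443 900
2024-01-15T10:14:00 10.20.5.11 10.20.5.12 22 2048
truncated record
"""


def is_internal(addr):
    """True if addr falls inside the site's own address space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def review_iot_flows(flow_text):
    """Count flows from inventoried IoT devices that need an analyst's attention.

    'external': device contacted an outside host that is not on its allowlist.
    'lateral':  device opened a connection to another inventoried IoT device.
    """
    findings = {"external": Counter(), "lateral": Counter()}
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                      # skip malformed records
        _ts, src, dst, _port, _size = fields
        if src not in IOT_DEVICES:
            continue                      # only IoT sources are in scope here
        if dst in IOT_DEVICES:
            findings["lateral"][(src, dst)] += 1
        elif not is_internal(dst) and dst not in ALLOWED_EXTERNAL.get(src, set()):
            findings["external"][(src, dst)] += 1
    return findings


if __name__ == "__main__":
    for kind, pairs in review_iot_flows(SAMPLE_FLOWS).items():
        for (src, dst), n in pairs.items():
            print(f"{kind}: {IOT_DEVICES[src]} {src} -> {dst} ({n} flows)")
```

The workstation at 10.20.9.40 reaches the same external host but is ignored because it is not in the IoT inventory; a device such as a video decoder rarely has a reason to initiate outbound connections to unlisted hosts, which is what makes the allowlist approach workable for this class of asset.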

Microsoft investigators detected the hacks in April, after various IoT devices were seen communicating with Strontium servers.

Notably, these servers belonged to APT28, or Fancy Bear, a hacking team deployed by the Russian government. Additionally, this communication was coming from many client locations.

In some instances, the IoT devices were easily exploited. For instance, the hackers simply guessed the passwords, because the devices were still using the manufacturer’s defaults.

In addition, another IoT device was running an old firmware version with a known vulnerability.

Strontium behind the IoT attacks

Microsoft officials were certain that Strontium carried out the hacks, but the primary objectives were not known.

In 2018, the FBI stated that this group also orchestrated the infection of various consumer-grade routers in fifty-four (54) nations.

The malware used was called VPNFilter. Hacking and cyberattacks have become considerable threats in the IT and education fields.

This can be seen in cyberattacks on academic systems. For instance, Lancaster University experienced a malware attack last week. Notably, its students’ databases were accessed, which jeopardized their private information.

Hacking in schools

Attackers sometimes get into protected Wi-Fi networks with dictionary attacks. This means they try to connect using a list of common passwords (‘asdf’, ‘password’, ‘kitty’, etc.).

As long as your password isn’t one of these trivial ones and is more than a few characters long, it’s highly unlikely anyone is going to be able to hack into it, and most attackers won’t bother; they’ll just move on to find an unprotected network.

Some institutions spend money to make the network more secure, for example by using Cloudpath’s XpressConnect to secure all wireless connections on their campus network with WPA2.

So what are you to do if you have to be on an open Wi-Fi network and have to use an unencrypted service? There’s still a solution, and it may be a good back-to-school gift: a VPN.