Do you have internet-connected security cameras in your home or workplace? Internet of Things (IoT) devices such as security cameras and other surveillance equipment are frequently left exposed and can be compromised with little effort.
In April 2019, researchers at the Microsoft Threat Intelligence Center came across a hacker who had gained access to several IoT devices belonging to well-known organizations across the United States. The hacker has not been identified yet, but the security team at Microsoft suspects him/her to be a Russian citizen. Several IoT devices (a VoIP phone, an office printer, and a video decoder) were attacked, and privacy was severely compromised.
The team at MSTIC later confirmed that in two instances the victims had failed to change the default password of the IoT devices, and in one case they had not updated the device software. In the latter case, the security update that would have fended off such an attack had not been installed, and that led to the breach.
How exactly did the supposedly secure corporate network get breached?
As a point of entry, the hacker exploited the most vulnerable parts of the network (the three IoT devices mentioned above) and from there gained access to other, higher-value areas. The higher-privileged accounts were then found by simply scanning for weak devices.
Next, the hacker ran a network monitoring utility known as tcpdump to capture and record TCP/IP traffic at run time. tcpdump is freely available open-source software that is run from the system's command line. It captures the traffic between a computer and the LAN and reports on it in detail. This is how the hacker told a low-value device apart from a high-value one.
Using a simple shell script, a persistent connection was established that allowed the hacker to send commands to and receive output from the IoT devices. A shell script is just a short program that is executed from a Unix shell (for example on a Linux-based machine). In a persistent state, the web server keeps a channel open to the user's web browser; the web server admin can then easily send or receive data over it and monitor the browser activity performed by the user.
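One defender-side check that follows from the chain above: an IoT device that starts sweeping the LAN for other hosts, or keeps an unusually long session open to anything other than its management server, is behaving like the pivot described. This is an added example, not code from the article or from Microsoft; the IoT subnet, the allow-list, the thresholds and the flow-log format are all assumptions.

```python
# Added example (not from the article or the MSTIC report): flag IoT devices that
# behave like a pivot host, i.e. hold unusually long sessions to hosts other than
# their management server, or touch many distinct internal peers (scan-like).
# The IoT subnet, allow-list, thresholds and flow log format are all assumptions.
import ipaddress
from collections import defaultdict

IOT_SUBNET = ipaddress.ip_network("10.0.50.0/24")  # assumed IoT VLAN
ALLOWED_PEERS = {"10.0.10.5"}                      # assumed device-management server
SCAN_THRESHOLD = 4                                 # distinct non-allowed peers
LONG_SESSION_SECS = 3600                           # a shell kept open for an hour

# Constructed flow records: src dst dst_port duration_seconds
SAMPLE_FLOWS = """\
10.0.50.12 10.0.10.5 443 12
10.0.50.12 10.0.20.7 22 7200
10.0.50.40 10.0.20.1 445 1
10.0.50.40 10.0.20.2 445 1
10.0.50.40 10.0.20.3 445 1
10.0.50.40 10.0.20.4 445 1
10.0.10.5 10.0.50.12 443 3
"""

def parse_flows(text):
    """Parse whitespace-separated flow lines into (src, dst, port, seconds) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            src, dst, port, secs = line.split()
            flows.append((src, dst, int(port), int(secs)))
    return flows

def analyse(flows):
    """Return {iot_ip: [finding, ...]} for IoT-subnet devices that misbehave."""
    peers = defaultdict(set)
    findings = defaultdict(list)
    for src, dst, port, secs in flows:
        if ipaddress.ip_address(src) not in IOT_SUBNET or dst in ALLOWED_PEERS:
            continue  # only IoT-initiated traffic to unexpected hosts is interesting
        peers[src].add(dst)
        if secs >= LONG_SESSION_SECS:
            findings[src].append(f"long session to {dst}:{port} ({secs}s)")
    for src, dsts in peers.items():
        if len(dsts) >= SCAN_THRESHOLD:
            findings[src].append(f"scan-like: {len(dsts)} distinct peers")
    return dict(findings)

if __name__ == "__main__":
    for ip, notes in analyse(parse_flows(SAMPLE_FLOWS)).items():
        print(ip, notes)
```

Feed it real flow or conntrack exports in the same four-column shape and tune the thresholds to the device class; a camera that only ever talks to its NVR should produce no findings at all.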
Who was responsible for these attacks?
Microsoft has confirmed that the attacks were carried out by a Russian cyberespionage group known as Fancy Bear, also known as STRONTIUM.
The American cybersecurity company CrowdStrike has confirmed that Fancy Bear is associated with the Russian military intelligence agency GRU (the Main Directorate of the General Staff of the Armed Forces of the Russian Federation).
Because Microsoft defused the attacks at an early stage, its researchers were unable to determine the exact motive behind this particular campaign. The security team at Microsoft had long been aware of these attempts to hack IoT devices, which is why in the last twelve months they have delivered nearly 1400 nation-state notifications to those targeted by Fancy Bear.
The bottom line
The team at the Microsoft Threat Intelligence Center anticipates more such attacks from other cybercriminals. With better-secured, properly equipped IoT devices, corporations would not have to worry about such attacks in the future. Microsoft has shared this case study to make organizations aware of the risks of using cheap, easy-to-bypass models of IP cameras.
ZDNet also agrees that IP cameras are prone to cyber-attacks. “Organizations prefer cheap models over state-of-the-art devices and hence, find themselves in trouble,” Omri Mallis, chief product architect at SAM Seamless Network, told ZDNet.