Forescout researchers have demonstrated how ransomware could spread through an enterprise from vulnerable Internet-of-Things gear.
The security firm’s Vedere Labs team said it developed a proof-of-concept strain of this type of next-generation malware, which they called R4IoT. After gaining initial access via IoT devices, the malware moves laterally through the IT network, deploying ransomware and cryptocurrency miners while also exfiltrating data, before taking advantage of operational technology (OT) systems to potentially physically disrupt critical business operations, such as pipelines or manufacturing equipment.
In other words: a complete albeit theoretical corporate nightmare.
“It basically comes out of our observation of the evolving nature of the threat actors that are involved in ransomware — they have been changing tactics in the past couple of years,” said Daniel dos Santos, head of security research at Forescout’s Vedere Labs.
Intruders aren’t just encrypting data and demanding a ransom payment to decrypt corporate systems, he told The Register. Instead, miscreants are also stealing sensitive information, publicly leaking some or all of it, and then also launching DDoS attacks on businesses if they don’t pay up.
These increasingly destructive attacks, combined with the growing number of internet-connected devices, led the researchers to ask: what if ransomware exploited IoT gear to get into a corporate network? Usually, organizations are infected when someone opens a booby-trapped email, when intruders use stolen or phished login credentials, or when a public-facing server is exploited. R4IoT specifically targets IoT equipment instead.
The good news is that this is only conceptual malware, developed in a lab to show how criminals could combine the worlds of IT, OT, and IoT to spread ransomware. We’re told this wouldn’t be too hard to do in the real world, provided one is able to identify and exploit IoT vulnerabilities in a victim’s environment.
“None of the exploits are difficult, per se,” dos Santos said. “We, of course, did it in a lab where we controlled all the variables. If you’re doing that for real … [it’s] definitely doable and doesn’t require a high level of sophistication.”
Finding the connection point between the IT and OT network may require some persistence, he added. But that also speaks to the evolving nature of ransomware and the commoditization of exploits, according to dos Santos.
“You have these ransomware-as-a-service gangs, for instance, that develop very complex pieces of software, very complex malware, and distribute that to affiliates who then just deploy that at specific targets,” he said. “The idea here could be the same: somebody develops a complex malware, and then somebody else who has lower skills is responsible for deploying that.”