I have written before about the security limitations of “Internet of Things” (IoT) devices. Many of them are simple devices, possibly based on older tech, they tend to lack the hardware to allow for regular security updates, etc, etc etc. At least the UK Government is enacting laws to make IoT vendors use effective random passwords on devices rather than them all using “password123”.
Home automation and Smart Devices – some questions to be answered – Smart Thinking Solutions
Microsoft research highlights the importance of the UK’s PSTI legislation – Smart Thinking Solutions
Forescout and Vedere Labs research teams have developed what they are calling the next generation malware targeted at enterprise. The attack vector is via IoT devices deployed inside a corporate network. Moving across the network the malware can deploy ransomware or other malicious software, steal data, and ultimately attack operational technology (OT) systems and potentially disrupt business operations or even shut them down. This proof of concept software is called, R4IoT and could be used to attack critical state infrastructure.
R4IoT: a proof of concept for next-generation ransomware
The article in The Register looks at how quickly this proof of concept could become a reality we all have to defend against.
What if ransomware evolved to hit IoT in the enterprise? • The Register
Make sure you defend any IoT or OT devices you use inside your perimeter defences!
Further Reading
Product Security and Telecommunications Infrastructure (PSTI) Bill: Factsheets – GOV.UK (www.gov.uk)