IoT and OT Impacted by Forescout Proof-of-Concept Ransomware Attack

Axis and Hikvision account for 77% of the IP cameras used by Forescout's 1,400 global customers.


Ransomware operators will adapt as defenders get better at resisting double extortion. Rather than focusing only on IT, one option is to target operational technology (OT). Attacks on OT are harder to execute, but their consequences are also more difficult to mitigate.

Vedere Labs, Forescout's research division, has released a proof of concept (PoC) for a ransomware attack that uses IoT for access, IT for traversal, and OT for detonation. Named R4IoT (Ransomware for IoT), it is presented as the next generation of ransomware. R4IoT's chain is to gain an initial foothold by exploiting exposed and unpatched IoT devices such as IP cameras, then deploy ransomware in the IT network and exploit poor operational security practices to hold mission-critical OT devices hostage.

"It basically comes out of our observation of the shifting nature of the threat actors involved in ransomware — they've been changing strategies in the last couple of years," Daniel dos Santos, head of security research at Forescout's Vedere Labs, explained. The tipping point for attackers to start targeting such devices in ransomware campaigns, according to dos Santos, "will most likely be when the IT and OT devices cross 50%. And that'll be very soon. It will take between one and two years."

According to the report, Axis and Hikvision account for 77% of the IP cameras deployed across Forescout's 1,400 global customers, with Axis cameras alone making up 39% of the total. "This shows that exploiting IP camera flaws as a repeatable point of entry to a variety of businesses is a possibility," dos Santos wrote in the report.

In a hypothetical scenario, this could involve compromising a corporate network through an exposed camera, dropping ransomware, and retrieving further payloads from a remote server to deploy cryptocurrency miners and launch DoS attacks against OT assets. To reduce the likelihood and impact of an R4IoT-style incident, organizations should identify and patch vulnerable devices, enforce network segmentation, adopt strong password rules, and monitor HTTPS connections, FTP sessions, and cross-segment network traffic for the lateral movement the chain depends on.
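The "enforce segmentation and monitor traffic" advice above is concrete enough to turn into a check. The script below is an added example written for this post, not Forescout's R4IoT code: it takes flow records from a segmented network and flags the hops an R4IoT-style chain needs (Internet into a camera, camera into IT, IT into OT on an unexpected port, camera calling out to the Internet to fetch payloads). The segment ranges, the allow-list of permitted cross-segment connections, and the flow lines are all constructed assumptions for illustration.

```python
"""Flag cross-segment flows consistent with an IoT -> IT -> OT ransomware chain.

Added example for this post (not Forescout's code). Segment ranges, the
allow-list and the sample flow records are constructed assumptions.
"""
import ipaddress
from collections import namedtuple

# Assumed network segments: a camera VLAN, the IT estate and the OT cell.
SEGMENTS = {
    "iot_cameras": ipaddress.ip_network("10.10.0.0/24"),
    "it": ipaddress.ip_network("10.20.0.0/16"),
    "ot": ipaddress.ip_network("10.30.0.0/24"),
}

# Cross-segment connections the segmentation policy permits:
# (source segment, destination segment, destination port).
ALLOWED = {
    ("iot_cameras", "it", 554),  # cameras stream RTSP to a recorder in IT
    ("it", "ot", 443),           # engineering workstation to an HMI web UI
}

Flow = namedtuple("Flow", "src dst dport proto")

# Constructed flow log in a simple key=value format (assumed, not a real export).
SAMPLE_FLOWS = """
src=10.10.0.5 dst=10.20.1.9 dport=554 proto=tcp
src=203.0.113.7 dst=10.10.0.5 dport=80 proto=tcp
src=10.10.0.5 dst=10.20.1.9 dport=445 proto=tcp
src=10.20.1.9 dst=10.30.0.20 dport=502 proto=tcp
src=10.10.0.5 dst=198.51.100.4 dport=443 proto=tcp
src=10.20.1.9 dst=10.30.0.20 dport=443 proto=tcp
""".strip().splitlines()


def segment_of(ip):
    """Return the segment name an address belongs to, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def parse_flow(line):
    """Parse one 'k=v k=v ...' flow record into a Flow."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]), fields["proto"])


def classify(flow):
    """Return a finding tag for a suspicious cross-segment flow, else None."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    # Intra-segment traffic and explicitly permitted hops are not findings.
    if src_seg == dst_seg or (src_seg, dst_seg, flow.dport) in ALLOWED:
        return None
    if src_seg == "external" and dst_seg == "iot_cameras":
        return "inbound_to_camera"      # exposed camera reachable from outside
    if src_seg == "iot_cameras" and dst_seg == "external":
        return "camera_to_external"     # payload retrieval or C2 from a camera
    if src_seg == "iot_cameras":
        return "camera_lateral"         # camera segment moving into IT/OT
    if dst_seg == "ot":
        return "unexpected_into_ot"     # non-allow-listed service reaching OT
    return "cross_segment"


def audit(lines):
    """Return [(flow, tag)] for every flow that violates the segmentation policy."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        tag = classify(flow)
        if tag is not None:
            findings.append((flow, tag))
    return findings


if __name__ == "__main__":
    for flow, tag in audit(SAMPLE_FLOWS):
        print(f"{tag:20s} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

Run against the constructed log, the two allow-listed flows (RTSP to the recorder, HTTPS to the HMI) are silent and the other four are reported, which is the full R4IoT path end to end: Internet to camera, camera to an IT host on 445, IT host to an OT device on 502, and the camera fetching something from outside. In a real deployment the allow-list would be generated from the firewall policy rather than typed by hand, so that any flow the monitor reports is by definition one the segmentation should have blocked.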

"Ransomware has been the most frequent threat in recent years, and it has largely crippled enterprises by exploiting flaws in traditional IT equipment," the researchers noted. Dos Santos advised using the NIST Cybersecurity Framework and zero-trust architecture, as well as effective network segmentation.