November 21, 2019

November 20, 2019

Subscribe to Latest Legal News and Analysis

November 19, 2019

Subscribe to Latest Legal News and Analysis

November 18, 2019

Subscribe to Latest Legal News and Analysis

Interlopers in Things? IOT Devices May be used as Backdoors to your Network

This month Microsoft reported that its Threat Intelligence Center discovered that IoT (internet of things) devices – a VOIP phone, a printer and a video decoder – were used to gain access to corporate networks in April.

Microsoft have identified Strontium – also known as Fancy Bear or APT28 – as the culprit, a hacker group associated with the Russian government who appear to be targeting government, IT, military and defence, engineering, medical and education sectors. Strontium has been linked to the hacking of Hillary Clinton’s presidential election campaign and of the email accounts of researchers investigating the missile strike on MH17 and the Skripal poisonings. In the last 12 months alone Microsoft has delivered almost 1,400 notifications to those targeted or compromised by Strontium.

This is just one of a growing population of examples of IoT devices being used to gain unauthorised access to the networks they are connected to. When an actor gains access to a network via an IoT device, they will often sniff out other unsecure devices to provide them with broader access to the network and will target higher-privileged accounts in order to obtain deeper network access.

With more IoT devices than the number of personal computers and mobile phones combined, cybersecurity risk for organisations is escalating, with each IoT device bringing its own bundle of vulnerabilities and weaknesses to the network it is connected to. Even organisations with high risk tolerance will find this unsettling, however recent polling by Deloitteshows that organisations are on the backfoot when it comes to securing IoT devices, with only 18% of respondents feeling “very confident” in their organisations’ ability to secure connected devices.

This post features contributions from Karla Hodgson.

Copyright 2019 K & L Gates

TRENDING LEGAL ANALYSIS


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm
Partner

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...

+61.3.9640.4261