What if ransomware evolved to hit IoT in the enterprise?

2022-06-01 06:34

The security firm's Vedere Labs team said it developed a proof-of-concept strain of this type of next-generation malware, which they called R4IoT. After gaining initial access via IoT devices, the malware moves laterally through the IT network, deploying ransomware and cryptocurrency miners while also exfiltrating data, before taking advantage of operational technology systems to potentially physically disrupt critical business operations, such as pipelines or manufacturing equipment.

These types of increasingly destructive attacks, combined with the growing number of internet-connected devices led the researchers to consider: what if ransomware exploited IoT gear to get into a corporate network.

As the number of IoT devices increases, enterprises' attack surface grows, and ransomware gangs that only focus on IT equipment are missing out of a massive number of potential points of entry.

IoT and OT represent 44 percent of the total devices in enterprise networks, according to Forescout.

The tipping point for criminals to start targeting these devices for ransomware attacks, "Will probably be when the IT and OT devices surpass 50 percent," dos Santos said.

The programs allow lateral movement in the network by attacking domain controllers and also include a command-and-control agent for future malware and data exfiltration, a crypto miner, and an executable that launches DDoS attacks against critical IoT and OT assets.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/01/ransomware_iot_devices/

#IOT #ransomware