Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Increased exploitation of Internet of Things devices

published on 2022-09-23 10:34:31 UTC by
Content:

Devices that fall within the category of the Internet of Things (IoT) are developed with portability and connectivity as the main focus, not necessarily security. But that might be an issue...

As IoT devices have become integrated into our daily lives, threat actors have begun seeking out opportunities to exploit such devices in order to gain access to the often more valuable connected network.

IoT devices (technology describing the ability of everyday objects - rather than computers and smartphones - to connect to the internet. Examples include speakers, televisions and security cameras. Find out more about IoT devices via Wired’s article: What is the Internet of Things? WIRED explains) are notoriously difficult to maintain due to not being limited to any single geographical area and not always prompting users to apply regular security updates.

This provides opportunities for threat actors to exploit unpatched vulnerabilities; recent activity demonstrating this has been identified with unpatched Hikvision surveillance cameras being exploited by Chinese threat groups tracked as APT41 and APT10, and a hi-tech coffee machine at a very established organisation who wish to remain anonymous being hacked!

Research by Cyfirma has identified that when sampling 250,000 devices, over 80,000 were unpatched and susceptible to CVE-2021-3620 (CVSS 9.8), a critical command injection vulnerability that is being exploited by the aforementioned threat groups.

During the study, the UK ranked fourth in the world for the greatest number of devices left unpatched, which is substantial considering the small size and population of the UK compared to the leading countries, China, USA, and Vietnam.

When patching or evaluating security, IoT devices as a whole are often overlooked in favour for more critical infrastructure or larger storage devices.

This may leave the network exposed as threat actors pivot their tactics, techniques, and procedures (TTPs) towards the targeting of IoT devices in search for out of date systems to exploit with the objective of harvesting credentials or moving laterally towards the organisation’s main network.

The challenge

Maintaining the cyber security of an IoT device can be challenging, which is often why it's overlooked.

The key to improved IoT security lies in limiting the connectivity of IoT devices and networks to the business network. Then, if an IoT device or IoT network is compromised, damage can be contained.

Read more on how to effectively secure your IoT devices via this article from nozominetworks.com: Addressing IoT Security Challenges


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


Article: Increased exploitation of Internet of Things devices - published about 2 years ago.

https://www.emcrc.co.uk/post/increased-exploitation-of-internet-of-things-devices   
Published: 2022 09 23 10:34:31
Received: 2022 10 07 09:53:41
Feed: The Cyber Resilience Centre for the East Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 4

Custom HTML Block

Click to Open Code Editor