Image: Getty/Morsa Images
Connected Internet of Things (IoT) devices such as printers, cameras and routers are leaving networks vulnerable to cyberattacks because they’re not being properly secured.
And it isn’t just home and office networks that are being left open to exploitation by malicious hackers targeting the Internet of Things – critical infrastructure is also vulnerable too because IoT security isn’t being managed correctly, potentially leaving industrial control systems exposed, Microsoft has warned.
In monitoring threats against critical infrastructure and utilities, Microsoft said its researchers investigated water utility providers in the UK with exposed IoT devices within their networks.
Using what it described as “open-source intelligence” and Microsoft Defender Threat Intelligence data, the team searched for exposed IoT devices integrated into the networks of water utility providers and found that such facilities were using Draytek Vigor routers, which are intended for home use. It also spotted exposed Wi-Fi devices and cameras.
Microsoft said its researchers have elsewhere observed attackers using a known remote code execution vulnerability in Draytek Vigor devices (CVE-2020-8515) to deploy the Mirai botnet.
“Once attackers establish device access, remote code execution vulnerabilities such as CVE-2020-8515 can then allow attackers to run malicious commands on devices, move laterally within the network, and access other