IoT: Unsecured IoT devices used for data exfiltration
Attacker Objective: Use unsecured IoT devices to gain access to network
Threat Type: Exfiltrating Data using IoT Devices
An oil and gas facility had two high-tech exercise bicycles that were connected to the internet and communicating through insecure methods. These were not segmented from corporate IT resources and thus presented the attacker with a network path to the organization’s critical assets.
Awake identified that the two exercise bikes were sending unencrypted HTTP traffic to the internet and using basic authentication (a weak authentication method that exposes the username and password). Both machines were sitting on the corporate network and exfiltrating data out to the internet. Additionally, they appeared to be unpatched, leaving the facility wide open to attack.
The firm’s IT and security teams were completely unaware of these devices being on the network since existing security and configuration management tools were blind to these unmanaged IoT devices.
Awake automatically looks for weak and insecure authentication mechanisms, the use of clear text credentials, and for sensitive data leaving the network. These activities triggered an adversarial model in the Awake Security Platform which alerted the security team about the insecure IoT devices.
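A minimal sketch of the kind of check described above: flagging basic authentication credentials carried in unencrypted HTTP and noting whether they leave the network. This is an added example, not Awake's detection logic; the internal address range, the flow tuple format, and all hosts, addresses and credentials in the sample are assumptions constructed for illustration.

```python
import base64
import binascii
import ipaddress

# Assumption: the corporate network is 10.0.0.0/8; adjust to the real address plan.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def _basic(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample: (source IP, destination IP, cleartext HTTP request head).
SAMPLE_FLOWS = [
    ("10.20.4.51", "203.0.113.10",
     f"POST /w HTTP/1.1\r\nHost: telemetry.example.com\r\nAuthorization: {_basic('bike01', 'hunter2')}\r\n\r\n"),
    ("10.20.4.52", "10.20.1.5",
     f"GET /s HTTP/1.1\r\nHost: intranet.example.com\r\nauthorization: {_basic('ops', 'pass')}\r\n\r\n"),
    ("10.20.4.60", "198.51.100.7",
     "GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    ("10.20.4.61", "203.0.113.10",
     "GET / HTTP/1.1\r\nHost: telemetry.example.com\r\nAuthorization: Basic !!bad!!\r\n\r\n"),
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_cleartext_basic_auth(flows):
    """Return one finding per cleartext request that carries Basic credentials."""
    findings = []
    for src, dst, head in flows:
        headers = {}
        for line in head.split("\r\n")[1:]:  # skip the request line
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
        scheme, _, token = headers.get("authorization", "").partition(" ")
        if scheme.lower() != "basic":
            continue
        try:
            user = base64.b64decode(token.strip(), validate=True).decode("utf-8").partition(":")[0]
        except (binascii.Error, UnicodeDecodeError):
            user = None  # malformed token: still a finding, but no username recovered
        findings.append({
            "src": src, "dst": dst, "host": headers.get("host"),
            "user": user,  # the password is deliberately never stored in the finding
            "leaves_network": is_internal(src) and not is_internal(dst),
        })
    return findings
```
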