As ransomware attacks have progressed from just encrypting data to extortion tactics like double and triple extortion, a new attack vector is expected to emerge. Forescout’s Ransomware for IoT, or R4IoT, is a “novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [operational technology] network.”
The rapid growth in the number of IoT devices, together with the convergence of IT and OT networks in companies, is driving this potential pivot. The overall purpose of R4IoT is to gain an initial foothold through exposed and vulnerable IoT devices like IP cameras, then distribute ransomware in the IT network and take advantage of inadequate operational security procedures to hold mission-critical operations hostage.
According to the researchers, R4IoT goes beyond the usual encryption and data exfiltration by attacking IoT, IT, and OT assets, causing physical interruption of corporate operations and adding an extra layer of extortion to a regular ransomware attack. In other words, R4IoT is a new type of malware that combines an IoT entry point with ransomware-related lateral movement and encryption on an IT network, inflicting widespread damage to both IT and OT networks.
In a hypothetical situation, this may mean infiltrating a corporate network not only to distribute ransomware but also to obtain other payloads from a remote server in order to deploy bitcoin miners and perform DoS attacks against OT resources. To reduce the likelihood and impact of possible R4IoT events, organizations should identify and patch susceptible devices, enforce network segmentation, adopt strong password rules, and monitor HTTPS connections, FTP sessions, and network traffic.
The researchers concluded that ransomware has been the most frequent threat in recent years and has mostly exploited weaknesses in traditional IT equipment to harm enterprises. However, new networking trends have expanded the number and variety of OT and IoT devices, posing a risk to practically every business.