Forescout’s Vedere Labs launches new proof-of-concept study on ransomware

Forescout’s Vedere Labs recently launched new research titled R4IoT (Ransomware for IoT), a proof-of-concept study demonstrating how next-generation ransomware can exploit IoT devices for initial access and lateral movement to IT and OT assets, with the intention to cause physical disruption to business operations.

The R4IoT study emerged from two observations: an increase in the number and diversity of IoT, IoMT and OT devices connected to standard corporate IT networks, and the ransomware attacks that were being attempted. The rapid expansion in the number of connected devices in organisations exponentially increases the risk for nearly every business across the globe, driven by the growth of IoT devices in corporate networks, the convergence of IT and OT networks, and the rise of supply-chain vulnerabilities.

“R4IoT is the first work to analyse how ransomware impacts IoT for these domains and delivers a full proof-of-concept from initial access via IoT to lateral movement in the IT network, and subsequent impact on the OT network,” said Daniel dos Santos, Head of Security Research, Forescout Vedere Labs.

“Threat actors are exploiting a broader threat surface than before and we see hacking groups discuss IoT access on forums today. It has become imperative to arm organisations with knowledge to extend their proactive defences and ensure IoT devices have adequate segmentation from their critical IT and OT infrastructure.”

Ransomware’s post-COVID evolution

2021 saw a plethora of devastating cyber-attacks, including ransomware attacks on Colonial Pipeline and JBS Foods, as well as the Kaseya/REvil incident that simultaneously impacted more than 1,500 organisations across the globe.

These incidents are part of a growing and alarming trend in which large ransomware gangs, often operating under a ransomware-as-a-service (RaaS) model, cripple the operations of multiple types of organisations simultaneously to maximise their impact.

Daniel dos Santos continues: “Having a view into millions of organisations’ connected devices – IT, IoT, OT and IoMT – we can see the unfortunate reality ahead. Sooner rather than later, an attack infiltrating these device types could completely change the way we look at the impact of ransomware. Enterprises need to fight back against this by improving device visibility across their networks. This will help identify and secure weaknesses that could otherwise be exploited. By developing a proof-of-concept like R4IoT, Forescout is ahead of the threat actors.”