As ransomware attacks have progressed from just encrypting data to extortion tactics like double and triple extortion, a new attack vector is expected to emerge.
It’s a “new, proof-of-concept ransomware that exploits an IoT device to get access and move laterally in an IT [information technology] network and disrupt the OT [operational technology] network,” according to Forescout.
The fast expansion in the number of IoT devices, as well as the convergence of IT and OT networks in companies, are driving this potential pivot.
The ultimate purpose of R4IoT is to get an initial foothold by using exposed and vulnerable IoT devices like IP cameras, then distributing ransomware in the IT network and using inadequate operational security procedures to hold mission-critical operations hostage.
“By targeting IoT, IT, and OT assets, R4IoT goes beyond the conventional encryption and data exfiltration to cause physical interruption of corporate operations,” according to the researchers, adding an extra degree of extortion to a regular ransomware assault.
R4IoT, to put it another way, is a new kind of malware that combines an IoT entry point with ransomware-related lateral movement and encryption on an IT network, inflicting widespread damage to both IT and OT networks.
In a hypothetical scenario, this may mean infiltrating a corporate network system to not only distribute ransomware, but also to obtain other payloads from a remote server in order to install bitcoin miners and perform DoS assaults against OT assets.
Organizations should identify and patch susceptible devices, enforce network segmentation, adopt strong password rules, and monitor HTTPS connections, FTP sessions, and network traffic to reduce the possibility and impact of possible R4IoT events.
“Ransomware has been the most frequent threat in recent years, and it has largely crippled enterprises by exploiting flaws in conventional IT equipment,” the researchers found.
“However, new networking trends have expanded the quantity and variety of OT and IoT devices, posing a danger to practically every firm.”