Fancy Bear Threatens IoT Device Security on Enterprise Networks

Federated Service Solutions
 / 
September 12, 2019
 / 
IOT device security Fancy Bear Hacker group

Network administrators and IT managers face daily challenges from inside and outside their organizations that threaten the stability, speed and security of their enterprise WLANs. One of the latest high-profile security threats to corporate networks comes by way of IoT device hacking from a nefarious and well-known entity called Fancy Bear.

What is Fancy Bear?

Fancy Bear is a state-sponsored Russian hacking group believed to be controlled by Russian military intelligence agency GRU, and operating since the mid-2000s. The name might sound cute, but Fancy Bear’s destructive activity has the attention of governments, intelligence agencies and technology giants around the world. They’ve successfully hacked and infected hundreds of thousands of home and office (SOHO) routers and gained control over other networked devices.

Some of Fancy Bear’s aliases include:

  • The Sofacy Group
  • The Strontium Group
  • Sednit
  • APT28
  • Pawn Storm
  • Sandworm

The group made global headlines in 2016 for being linked to the hacking of the Democratic National Committee.

From WEP to WPA3 - See how we got from the dark ages to the future of wifi security, Download the infographic

Hacking International Governments

This group was not always focused on the U.S. or our corporate networks. Some of their early work included trying to take over or phish embassies, international governments, German parliament and French TV. They went after military infrastructure–even taking a swipe at Blackwater. Their attacks were focused on gathering as much business intel and personal info as they could from entities and individuals.

They might have members of the Georgian parliment sweating the integrity of their next vote, but what exactly does this mean for the rest of us?

So far they have successfully infected over 500,000 consumer-grade routers across 50 different countries (that we know of). No one knows the specific reason behind these attacks. But what we do know is that they’ve successfully hacked several networks, including ones in the U.S., by going for really low-hanging fruit: IoT devices.

Is Fancy Bear trying to adjust your Nest thermostat? Are they coming for your corporate data through that printer on the third floor? Are Russians judging you for asking Alexa to convert 42 ounces to cups? Maybe…

IoT Device Security and Enterprise Networks

As businesses and individuals increase their reliance on IoT devices and voice commands apps like Alexa and Siri, there is an increased risk of evil forces listening, stealing, and corrupting.

Among the methods of Fancy Bear’s most recent attacks are the infiltration of various devices – mobile, smart and other, any kind of IoT device. They target these soft points, in order to infiltrate secure areas of corporate networks. The most recent Fancy Bear attacks in April of 2019 were spotted by Microsoft’s Threat Intelligence Center which has high visibility into thousands of networks using Windows on their machines.

Microsoft sent 1,400 notifications to targeted or compromised companies last year. Targets were a mix of non-governmental organizations and political organizations (about 20%) and the rest were a mix of tech, government, engineering, education and military organizations (about 80%).

The FBI has been actively battling Fancy Bear activity as well:

“The Department of Justice is committed to disrupting, not just watching, national security cyber threats using every tool at our disposal, and today’s effort is another example of our commitment to do that,” said Assistant Attorney General Demers. “This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities.”

Protect Yourself With Better IOT Device Security

Having unprotected IoT devices on your enterprise network is like living in Alaska and leaving your backdoor open for…uh…Bears to enter. By following WLAN security best practices and better managing personal and company-owned devices, you can minimize your risk of damage from groups like Fancy Bear.

Here are five tips to follow:

  1. Limit physical access. Upgrade your access control protocols and systems at your facilities.
  2. Strengthen Firewall management. Make sure you have a solid security protocol for incoming/outgoing traffic.
  3. Practice Better User management. Deploy user management software that helps you wrangle company-issued devices. Create and share a strict BYOD policy that gives you greater control over all the devices on your network.
  4. Change Default Passwords. Earlier this year, Fancy Bear carried out at least two known attacks thanks to devices that still carried factory settings with default passwords. We’re not here to shame anyone. Ok, maybe a little.
  5. Subscribe to our blog. It’s a great place to learn about the latest vulnerabilities and newest patches to stay current on the largest threats to your enterprise WLAN.

From WEP to WPA3 - See how we got from the dark ages to the future of wifi security, Download the infographic