And it isn’t just home and office networks that are being left open to exploitation by malicious hackers targeting the Internet of Things  – critical infrastructure is also vulnerable too because IoT security isn’t being managed correctly, potentially leaving industrial control systems exposed, Microsoft has warned.  In monitoring threats against critical infrastructure and utilities, Microsoft said its researchers investigated water utility providers in the UK with exposed IoT devices within their networks.  Also: Critical infrastructure is under attack from hackers. Securing it needs to be a priority - before it’s too late Using what it described as “open-source intelligence” and Microsoft Defender Threat Intelligence data, the team searched for exposed IoT devices integrated into the networks of water utility providers and found that such facilities were using Draytek Vigor routers, which are intended for home use. It also spotted exposed Wi-Fi devices and cameras. Microsoft said its researchers have elsewhere observed attackers using a known remote code execution vulnerability in Draytek Vigor devices (CVE-2020-8515) to deploy the Mirai botnet. Also: The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats “Once attackers establish device access, remote code execution vulnerabilities such as CVE-2020-8515 can then allow attackers to run malicious commands on devices, move laterally within the network, and access other vulnerable devices that were not directly exposed to the internet such as SCADA systems,” Microsoft warned. While a patch has been available to protect Draytek routers against the vulnerability for over two years, the nature of IoT devices means that network administrators can forget to apply updates – or might be unaware that updates need to be applied at all.  To help ensure Internet of Things devices, and the networks they’re connected to, are as secure and protected against cyberattacks as possible, Microsoft recommends four actions: “Given the severity of these attacks and their potential impact on the utility providers’ operations and even the safety of their customers, it becomes crucial to recognize the importance of proper security practices around IoT and OT unmanaged devices to ensure that such attacks do not happen,” said the Microsoft Defender for IoT research team. 

MORE ON CYBERSECURITY

What’s on your network? These are the devices most at risk of getting hackedThe IoT is getting a lot bigger, but security is still getting left behindYour insecure Internet of Things devices are putting everyone at risk of attackThis sneaky hacking group hid inside networks for 18 months without being detectedRansomware: It’s only a matter of time before a smart city falls victim, and we need to take action now