The Hidden Threat: The Use of IoT Devices in Modern Cyberwarfare
Russian Hack of Ukrainian Surveillance Cameras
The Security Service of Ukraine (SSU) has disabled two automated online surveillance cameras that were hacked and manipulated by Russian secret services. The two devices, surreptitiously adjusted by Russia, were used for spying on Ukrainian defense operations in Kyiv during the January 2nd missile attack, gathering valuable data on air defense and critical urban infrastructure. One of the cameras was located on an apartment balcony, while the other was in a residential area within Kyiv. Local housing cooperatives normally use the cameras to monitor the security situation.
The SSU's successful operation to take down the two hacked webcams represents a significant step in reducing the threat from Russian surveillance. The operation involved identifying the locations of the compromised cameras and then dismantling them. Following the attack on January 2, the SSU was able to determine that these cameras had been manipulated to broadcast the air defense operations in Kyiv.
Cameras used for spying on air defense systems and critical infrastructure in Kyiv
Russian secret services hacked these residential cameras, changing their viewing angles for optimal capture of the city's critical sites. They even connected the cameras to a YouTube streaming platform for real-time access. The illicit surveillance allowed them to gather pivotal data on Kyiv's air defense positions and operations that guided Russia's missile attack on the city.
Information from hacked cameras aided Russia's January 2 missile attack on Kyiv
It is believed that the information collected from the hacked cameras significantly aided the missile attacks on Kyiv, which specifically targeted critical infrastructures. This use of the hacked surveillance cameras for intelligence purposes by Russian secret services demonstrates an alarming level of cyber intrusion committed by Russia on Ukraine's sovereignty.
SSU has blocked approximately 10,000 IP cameras since Russia's invasion
Since the onset of Russia's invasion, the SSU has taken determined measures to mitigate further cyber threats, blocking the operation of nearly 10,000 IP cameras, which Russians may potentially use for similar surveillance activities. Sustained efforts by the SSU have been crucial in preventing the exploitation of Ukraine's security infrastructure for directing missile strikes and other combat operations.
Use of IoT Devices in Cyberwarfare
In modern warfare, the rising reliance on technological devices and systems, particularly the Internet of Things (IoT) devices such as surveillance cameras, has opened up new terrains of vulnerabilities and threats. As seen in the ongoing Ukraine-Russia conflict, both sides have resorted to hacking IP cameras and other IoT systems to gather intelligence, develop strategies, and propagate their agendas.
Both sides in the Ukraine/Russia conflict hack IP cameras and other IoT systems
The strategic benefits and opportunities offered by exploiting technological gadgets, particularly IoT devices, have not gone unnoticed. Separate from merely amassing intelligence, exploiting these devices also enables lateral movements into other systems. Bud Broomhead, the CEO at Viakoo, highlighted that both sides have tapped into the potential of surveillance cameras and other IoT systems to further aid their objectives in the ongoing conflict between Ukraine and Russia. This practice of exploiting technological devices in warfare is not new and has been recorded in past conflicts, such as that between Israel and Hamas.
IoT systems often poorly maintained and lack proper cyber hygiene
Broomhead pointed out that surveillance cameras, making up a significant part of IoT devices, are often overlooked and poorly maintained, often due to a 'set it and forget it' attitude from administrators. These systems hardly fall within formal IT protocols or management and thus lack adequate cyber security hygiene, including regular measures for firmware patching, password rotation, and certificate management. According to research by Palo Alto Networks' Unit 42, this has resulted in a notable security disparity. Although security cameras only constitute 5% of enterprise IoT devices, they account for 33% of all security issues.
IoT devices provide a wealth of reconnaissance and control not previously available
Ken Dunham, the Cyber Threat Director at the Qualys Threat Research Unit, emphasized how IoT systems now underpin a wealth of resources for reconnaissance and control that were previously unavailable, thereby redefining the dynamics of cyber and conventional warfare. This influx of 'smart' devices, including cameras and other audio-visual gadgets, allows creative command and control methods that were non-existent in previous generations of hacking.
Callie Guenther, the Senior Manager of Cyber Threat Research at Critical Start, endorsed the need for extreme caution with IoT security that hasn't caught up with the pace of technological adoption. She warned against the lack of robust security mechanisms in many IoT devices, such as insufficient authentication, infrequent security updates, and the absence of monitoring and detecting unusual activities. Hence, as IoT devices become increasingly integral to critical operations and more commonplace, their security implications grow considerably more profound and critical, necessitating heightened attention and measures.
Cybersecurity Precautions for IoT Devices
In the age where Internet of Things (IoT) devices significantly define the nature of warfare, certain vigilant cybersecurity precautions need to be considered for effective defense, as highlighted by cybersecurity experts following the hacking of Ukrainian webcams by Russian secret services. These heightened precautions encompass the relevance of security operation centers (SecOps), the instrumental role of segmented networks, and the broad critical evaluation against obscure security systems.
Importance of SecOps for all areas of infrastructure, including physical security controls
Bud Broomhead, CEO at Viakoo, has emphasized the key role that SecOps plays in cybersecurity while discussing the cyber issues related to IoT devices. He notes that many surveillance cameras should be managed more judiciously according to IT standards. These cameras are often set up outside IT's remit and are not provided with routine maintenance or security checks. This neglect can be detrimental, paving the way for hackers to compromise and use them for spying, collecting intelligence, or spreading propaganda, as seen in ongoing international conflicts.
Need for segmented networks and air-gapping
Network segmentation or air-gapping, separating a computer or network from the internet and other computers or networks, is an essential precautionary measure to bolster security around IoT devices. Cybersecurity experts suggest that causing functional gaps between various network divisions can prevent attackers from easily accessing valuable information or compromising entire systems. Therefore, even if a particular IoT device, such as a camera, is hacked, the harm could be localized and mitigated promptly.
Warning against the assumption that security cameras are secure by being obscure in a segmented network
While the network segmentation strategy is effective, it is not a fail-proof safety measure, and the security of IoT devices should not be taken for granted. Findings indicate that while security cameras constitute a small percentage of enterprise IoT devices, they account for a large share of security issues. Thus, the assumption that security cameras are secure by being obscure or discrete is a misconception and underlines the need for concerted regular safety checks and updates. The Security Service of Ukraine (SBU) reminder after the recent Kyiv incident, urging Ukrainian citizens to take their cameras offline, further underscores the urgency of IoT security.
Lessons From Cyberwar
The ongoing conflicts worldwide, coupled with the escalating reliance on technological devices, have presented several lessons highlighting the vulnerabilities and potential threats in cyber warfare. These issues stretch from the vulnerability of cars' software systems to the cyber operations underway due to Russia's invasion of Ukraine.
Numerous vulnerabilities discovered in vehicles from 16 carmakers
The advent of digitization has not left the automotive industry untouched. With cars getting smarter, they have also become more vulnerable to cyber threats. The software systems of cars produced by 16 different manufacturers have been revealed to harbor numerous vulnerabilities. The incidents of hacking vehicles highlight a severe lapse in automotive security measures, necessitating improved cyber protections for our digital vehicles.
Awareness of zero-day remote code execution attacks hitting Microsoft Office productivity suite
Cyber-warfare has seen increased incidences of zero-day remote code execution attacks targeting widely used software suites such as Microsoft Office. The widespread adoption of such software, coupled with their vulnerability to zero-day exploits, underscores the need for constant software patching, use of robust security software, and education about potential threats.
Russian espionage group infiltrated a Tajikistani telecoms provider
The Tajikistani telecoms provider episode where a Russian espionage group infiltrated the system underlines how cyber tactics can be utilized to compromise infrastructure crucial to a nation's functioning. The incident outlines the need for robust cybersecurity measures for safeguarding critical national infrastructure sectors.
Exploitable vulnerability affecting Dahua cameras and video recorders
Dahua cameras and video recorders have been discovered to have exploitable vulnerabilities that malicious actors could manipulate for unauthorized access and control. This highlights the broader issue of cybersecurity lapses in internet-connected devices like cameras, again emphasizing the necessity for continuously updated security measures.
Cybersecurity companies summarize cyber operations and their impact on the first anniversary of Russia's invasion of Ukraine
As cybersecurity companies took stock on the first anniversary of Russia's invasion of Ukraine, the prevailing scenario underscores the increasing relevance of cyber operations in modern warfare. The cyberattacks and countermeasures enacted during the conflict have had significant political and socio-economic implications, underscoring the importance of establishing strong cybersecurity infrastructures.