Forescout Venture Labs develops PoC IoT ransomware

Forescout’s Venture Labs has published a proof-of-concept study demonstrating how IoT devices can be vulnerable to next-generation ransomware.

The R4IoT (Ransomware for IoT) study predicts that IoT devices will be the next threat vector, serving as pivot points for penetrating the larger corporate network.

According to the researchers, the rapid proliferation of IoT devices in use by many organisations, coupled with the rise of supply chain vulnerabilities, is exponentially increasing their risk posture to these emerging threats.

Venture Labs Head of Security Research Daniel dos Santos said the plethora of ransomware attacks in 2021 is part of a growing trend involving large ransomware gangs performing ransomware as a service, and crippling the operations of multiple types of organisations simultaneously to maximise their impact.

“R4IoT is the first work to analyse how ransomware impacts IoT for these domains and delivers a full proof of concept from initial access via IoT to lateral movement in the IT network, and subsequent impact on the OT network,” he said.

“Threat actors are exploiting a broader threat surface than before and we see hacking groups discuss IoT access on forums today.  It has become imperative to arm organisations with knowledge to extend their proactive defences and ensure IoT devices have adequate segmentation from their critical IT and OT infrastructure.”

Image credit: ©stock.adobe.com/au/Bits and Splits