Investigation Conducted By Microsoft Reveals The Cause For High Cyber-attacks

  • Several sources estimate that by the year 2020, nearly 50 billion IoT devices will be deployed worldwide.
  • To counter the growing number of cyber-attacks, several recommendations have been suggested.

Researchers at Microsoft have identified the culprits of the recent cyber-attacks as a group called Strontium (aka Fancy Bear, APT28, Pawn Storm…). Their attack method is infamous for exploiting the poor security of the IoT devices. Because of which, several “popular IoT devices” such as Voice-over-Internet-Protocol (VOIP) phones, printers, and video decoders haven fallen prey to these attackers. 

How it happened

The hackers gained access to the IoT devices and used simple shell scripts to detect network traffic for local connections, thus gaining further access to other devices on the same network. This script enabled them to retain access for an indefinite period of time. 

The research team discovered that while the default password for some of the devices had not been changed, others were running older software with no latest security update.


For securing IoT devices, it is highly essential to enforce stricter and better security practices for IoT devices that are connected to corporate networks and consistently monitor these devices for any odd behaviour such as pings to external servers. Additional recommendations include:-

  • Avoid exposing IoT devices directly to the internet or create custom access controls to limit exposure.
  • Use a separate network for IoT devices if feasible.
  • Conduct routine configuration/patch audits against deployed IoT devices.
  • Define policies for isolation of IoT devices, preservation of device data, ability to maintain logs of device traffic, and capture of device images for forensic investigation.
  • If your devices are deployed/managed by a 3rd party, include explicit Terms in your contracts detailing security practices to be followed and Audits that report security status and health of all managed devices.
  • Where possible, define SLA (Service Level Agreement) Terms in IoT device vendor contracts that set a mutually acceptable window for investigative response and forensic analysis to any compromise involving their product.


The research team deduced that as IoT devices are being widely implemented in the enterprise sector, their vulnerabilities can expose organisations to such attacks when not being expected. According to Microsoft, the “number of deployed IoT devices exceed the number of personal computers and mobile phones combined.” As technology progresses, the cyberattacks have also increased. This calls for more advanced techniques counter such threats.