R4IoT: When Ransomware meets the Internet of Things
What can happen when ransomware threat actors meet a world full of vulnerable IoT/OT devices?
Our presentation answers this question in three parts: new attacker opportunities for initial access and impact based on threat actor research and the observed network landscape; development of a proof-of-concept exploiting these opportunities; and defense possibilities against this evolving type of threat.
Ransomware is currently the biggest threat for most organizations because attackers have evolved quickly, moving from purely encrypting data to large extortion campaigns with several phases, including exfiltration and denial of service. We explore the current state of ransomware attacks and business networks to show how ransomware could evolve in the coming years because of the proliferation of IoT devices in enterprise organizations and the convergence of IT and OT networks.
We will demonstrate a proof-of-concept ransomware that exploits exposed vulnerable IP cameras and NAS devices for initial access, moves laterally on the IT network, and holds OT devices (such as PLCs) hostage to achieve final objectives that go beyond the usual encryption and exfiltration to cause physical disruption of business operations, thus adding a new layer of extortion to attack campaigns.
Finally, we discuss how cybersecurity controls based on full network visibility and segmentation aligned to mature frameworks can be used to detect and stop these attacks or, even better, prevent them from happening in the first place.
- Learn how ransomware threats have evolved to become the biggest cyberthreat for organizations today.
- Understand that the evolution of the ransomware threat landscape is far from over because malicious actors still have a large attack surface to explore.
- See a proof-of-concept malware that exploits IoT devices for initial access, moves laterally on the IT network, and holds OT devices hostage.
- Learn ways to mitigate these evolving attacks and decrease the overall risk that organizations are exposed to.
Technical Rating
🔴🔴🔴🔘🔘🔘