How Can Organizations Help Protect Themselves Against R4IoT?<\/h2>\n
The R4IoT report is backed by rigorous research into IT, OT and IoT asset vulnerabilities as well as current ransomware trends. Specifically, it shows how ransomware could evolve based on: <\/p>\n
- \n
- The proliferation of IoT devices in organizations <\/li>\n
- The convergence of IT and OT networks <\/li>\n<\/ul>\n
R4IoT exploits the first trend by using exposed vulnerable devices such as an IP camera or a NAS as the initial access point. It exploits the second trend to hold OT devices hostage, thus adding another layer of extortion to an attack campaign. <\/p>\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2023\/07\/FS-2023-R4IoT-Report-Blade-v1-588x290-1.png\")
<\/p>\nDetecting Mixed IT\/IoT\/OT threats <\/h2>\n
Attacks like the one demonstrated in R4IoT require new, superior security approaches to detect and respond to threats that leverage a combination of device types as part of an attack \u2013 attacks that siloed security tools cannot fully detect. <\/p>\n
See how Forescout Threat Detection & Response can automatically detect and respond to cross-device threats like R4IoT. <\/p>\n
Access The eBook<\/a><\/p>\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/05\/FS-2022-R4IoT-LP-Image-1-v01_01-Read-Report20.png\")
<\/p>\nRansomware Evolution <\/h2>\n
Cyber attacks involving OT and IoT are part of an alarming trend: large ransomware gangs, often operating a ransomware-as-a-service (RaaS) model, crippling the operations of several types of organizations, often at the same time. Attacks have moved from purely encrypting data (2019) to exfiltrating data before encryption (2020) to large extortion campaigns with several phases (2021). Sophisticated ransomware families (ALPHV<\/a>, Conti<\/a>) have been active in 2022, sometimes taking a political position after the Russian invasion of Ukraine. This evolution in attacker methods means that ransomware gangs can nowadays cripple the operations of virtually any organization. <\/p>\n
Read the Report<\/a><\/p>\n
How R4IoT Works <\/h3>\n
R4IoT exploits an IoT device for initial access, targets IT devices to deploy ransomware and crypto ware, and leverages poor OT security practices to cause physical disruption to business operations. By compromising IoT, IT and OT assets, R4IoT goes beyond the usual encryption and data exfiltration to cause physical disruption of business operations. <\/p>\n
Proof of Concept<\/h3>\n
The proof of concept on IT equipment includes deployment of a crypto miner and data exfiltration. The impact on OT is not limited to standard operating systems (e.g., Linux) or device types (e.g., building automation), does not require persistence or firmware modification on the targeted devices and works at scale on a wide variety of devices impacted by TCP\/IP stack vulnerabilities. <\/p>\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/research-two-columns2.png\")
<\/p>\n![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2021\/06\/research-two-columns.png\")
<\/p>\nRead the Report<\/a><\/p>\n
Risk Mitigation Strategies <\/h2>\n
R4IoT is novel in how it combines IoT\/OT exploits with a traditional attack campaign. Still, organizations can mitigate both the likelihood and impact of this type of incident by applying controls aligned with the five NIST Cybersecurity Framework<\/a> functions. See the technical report for a detailed mitigation playbook by TTP:<\/p>\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/05\/FS-2022-R4IoT-LP-Icons-v01_01-Identify.png\")
<\/p>\nIdentify and Protect<\/h4>\n
Leverage the Forescout Vedere Labs Global Cyber Intelligence Dashboard<\/a> for information about vulnerable IoT and OT assets that are being actively exploited and prioritize their protection<\/p>\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/05\/FS-2022-R4IoT-LP-Icons-v01_01-Detect.png\")
<\/p>\nDetect<\/h4>\n
Use a threat detection & response solution that can correlate a series of low-confidence IT\/IoT\/OT incidents, convert them into a high-fidelity threat, and orchestrate and automate response. <\/p>\n
![](\"https:\/\/www.forescout.com\/wp-content\/uploads\/2022\/05\/FS-2022-R4IoT-LP-Icons-v01_01-Respond.png\")
<\/p>\nRespond and Recover<\/h4>\n
Be ready with policies, control and incidence response plans<\/p>\n
Read The Blog
\n<\/a>\nHow Forescout Can Help<\/h2>\n
Mitigating ransomware attacks requires complete visibility and enhanced control of all assets in your digital terrain. Forescout Platform<\/a> helps by:<\/p>\n
- \n
- Automatically detecting and responding to cross-device threats by converting telemetry and logs into high-fidelity, SOC-actionable probable threats<\/a><\/li>\n
- Providing complete visibility based on discovery, classification and assessment<\/a> of your entire asset landscape without disrupting critical business processes<\/li>\n
- Maintaining a complete asset and network communications inventory<\/a> based on deep packet inspection, which allows for network monitoring and threat hunting capabilities<\/li>\n
- Accelerating the design, planning and deployment of dynamic network segmentation<\/a> to reduce your attack surface<\/li>\n
- Sharing asset context between the Forescout Platform and other IT and security products to automate policy enforcement<\/a> across disparate solutions and accelerate system-wide response to mitigate risks<\/li>\n<\/ul>\n
Learn More<\/a><\/p>\n
Forescout Products<\/h2>\n
Get the capabilities you need to build a tailored security solution for your digital terrain and continuously automate actions to reduce cyber risk.<\/p>\n
\neyeSight
\n<\/h3>\nAssess Your Risk: Finding Vulnerable Devices<\/p>\n
eyeSight<\/a><\/p>\n
\neyeInspect
\n<\/h3>\nIdentify Attacks: Detecting Ongoing Exploits<\/p>\n
eyeInspect<\/a><\/p>\n
\neyeSegment
\n<\/h3>\nProtect Your Organization: Segmenting the Network<\/p>\n
- Providing complete visibility based on discovery, classification and assessment<\/a> of your entire asset landscape without disrupting critical business processes<\/li>\n
- Automatically detecting and responding to cross-device threats by converting telemetry and logs into high-fidelity, SOC-actionable probable threats<\/a><\/li>\n