Forescout’s Vedere Labs reveals proof of concept of ransomware for IoT


Forescout’s Vedere Labs has launched new research titled R4IoT (Ransomware for IoT), a proof-of-concept study demonstrating how next-generation ransomware can exploit IoT devices for initial access and lateral movement to IT and OT assets, with the intention to cause physical disruption to business operations.

The R4IoT study emerged from the observation of an increase in the number and diversity of IoT, IoMT, and OT devices connected to standard corporate IT networks and the ransomware attacks that were being attempted. The rapid expansion in the number of connected devices in organizations exponentially increases the risk posture of nearly every business across the globe, all related to the growth of IoT devices in corporate networks, converging IT and OT networks, and the rise of supply-chain vulnerabilities.

Sharing his insights on the report, Daniel dos Santos, Head of Security Research for Forescout said, “R4IoT is the first work to analyze how ransomware impacts IoT for these domains and delivers a full proof-of-concept from initial access via IoT to lateral movement in the IT network, and the subsequent impact on the OT network. Threat actors are exploiting a broader threat surface than before, and we see hacking groups discussing IoT access on forums today.  It has become imperative to arm organizations with knowledge to extend their proactive defenses and ensure IoT devices have adequate segmentation from their critical IT and OT infrastructure.”

The proof-of-concept, demonstrated in this video and detailed in Vedere Labs’ technical report, is a clear demonstration of how IoT and OT exploits can be combined with a traditional ransomware campaign. It also shows that to mitigate this type of attack, solutions are required that allow for complete visibility and enhanced control of all the assets in a network.

Ransomware’s post-COVID evolution

As reported, India is amongst the top 10 countries most affected by ransomware attacks making it a grave concern across the senior leadership and management teams.

These incidents are part of a growing and alarming trend wherein large ransomware gangs, often operating under a RaaS model, cripple the operations of multiple types of organizations simultaneously to maximize their impact.

Speaking further on this, Daniel dos Santos, Head of Security Research for Forescout added,“It’s no secret that ransomware is a rapidly evolving global threat. While businesses across the world look to optimize their operations and ride the digital transformation wave, cybersecurity teams are perennially understaffed and under-resourced. We know that being able to successfully respond to ransomware depends on being properly equipped and prepared. By developing a proof-of-concept like R4IoT, Forescout has gotten in front of the threat actors and provided tech teams with the tools they need to do the same”.


Please enter your comment!
Please enter your name here