Water Barghest: A Stark Reminder of IoT Security Gaps

Trend Micro’s recent report on the Water Barghest threat actor underlines a critical issue that has long plagued the IoT ecosystem: the security shortcomings inherent in many connected devices. With over 20,000 IoT devices compromised and exploited as residential proxies within minutes, this story highlights the growing risks posed by insecure IoT devices and the urgent need for proactive security measures.

This is yet another wake-up call for organisations relying on IoT and OT: without robust security practices, these devices can rapidly turn from valuable business enablers into significant vulnerabilities in your network.

Connected devices can be your weakest links

We all know how transformative connected devices have been across many industries, from manufacturing and healthcare to smart cities. Yet many of these devices are not designed with security as a priority. In fact, there are some common weaknesses that attackers such as Water Barghest exploit:

  1. Default or Hardcoded Credentials
    Many IoT devices ship with default usernames and passwords that remain unchanged after deployment. These credentials are often widely known or easily guessable, providing an open door for attackers.
  2. Lack of Encryption
    IoT devices frequently transmit sensitive data without proper encryption, leaving it exposed to interception and tampering.
  3. Unpatched Vulnerabilities
    Device manufacturers often fail to provide timely security updates, leaving devices exposed to known vulnerabilities.
  4. Limited Monitoring and Lifecycle Management
    IoT devices are often deployed and forgotten, with little visibility into their operational state or security posture.

These issues create ideal conditions for adversaries like Water Barghest, who rely on automation to rapidly identify and exploit insecure devices. Once compromised, devices are quickly added to botnets and monetized, as seen in the case of the Ngioweb malware.

Knowing your network is essential

The Water Barghest story highlights a critical point: you cannot secure what you cannot see. Organisations need to maintain visibility into all connected devices on their network to identify risks and take corrective action.

This involves:

  • Discovering Devices: Understanding what IoT and OT devices are connected to your network. Shadow IT and unmanaged devices can create blind spots that attackers exploit.
  • Assessing Security Posture: Regularly monitoring devices for vulnerabilities, outdated firmware, or signs of compromise.
  • Automating Remediation: Deploying automated tools to enforce security policies, rotate credentials, update firmware, and revoke access to compromised devices.
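As an added illustration of the discover, assess and remediate loop described above (example code, not from the original post and not Device Authority's or KeyScaler's code), the script below checks a constructed device inventory against the four weaknesses listed earlier and returns a prioritised remediation list. The device records, field names and age thresholds are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed inventory record; in practice these fields come from your
# discovery, NAC or asset-management tooling (field names are assumptions).
@dataclass
class Device:
    name: str
    ip: str
    firmware_date: date         # build date of the firmware currently running
    uses_default_creds: bool    # vendor default login still accepted
    cleartext_services: list    # services exposed without encryption
    last_seen: date             # last time monitoring observed the device

MAX_FIRMWARE_AGE_DAYS = 365     # assumed policy threshold
MAX_SILENT_DAYS = 30            # assumed policy threshold

def assess(device, today):
    """Return the weaknesses found on one device, mapped to the four categories."""
    findings = []
    if device.uses_default_creds:
        findings.append("default-credentials")
    if device.cleartext_services:
        findings.append("cleartext:" + ",".join(sorted(device.cleartext_services)))
    if (today - device.firmware_date).days > MAX_FIRMWARE_AGE_DAYS:
        findings.append("stale-firmware")
    if (today - device.last_seen).days > MAX_SILENT_DAYS:
        findings.append("unmonitored")
    return findings

def prioritize(devices, today):
    """Rank devices needing remediation; default credentials weigh most because
    they are the cheapest path in for automated, botnet-style compromise."""
    weight = lambda f: 3 if f == "default-credentials" else 1
    scored = [(d.name, assess(d, today)) for d in devices]
    scored.sort(key=lambda item: -sum(weight(f) for f in item[1]))
    return [(name, findings) for name, findings in scored if findings]

# Constructed sample inventory (all values invented for this example).
INVENTORY = [
    Device("cam-lobby-01", "10.0.5.21", date(2022, 3, 1), True, ["telnet", "http"], date(2024, 11, 30)),
    Device("plc-line-3", "10.0.7.9", date(2024, 9, 15), False, ["modbus"], date(2024, 10, 1)),
    Device("gw-hq-01", "10.0.1.1", date(2024, 11, 1), False, [], date(2024, 11, 30)),
    Device("printer-2f", "10.0.3.44", date(2023, 6, 1), False, ["http"], date(2024, 11, 29)),
]

if __name__ == "__main__":
    for name, findings in prioritize(INVENTORY, date(2024, 12, 1)):
        print(f"{name}: {', '.join(findings)}")
```

Each finding maps to one remediation action from the list above (rotate credentials, move the service to an encrypted channel, update firmware, or re-enrol the device in monitoring), so the output doubles as a work queue.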

This is our mantra at Device Authority, and it is what we have built our KeyScaler solution to support. We do this in the following ways:

  • Secure Onboarding: Our KeyScaler platform ensures secure and automated onboarding with strong credentials.
  • End-to-End Encryption: It protects sensitive data from device to cloud, safeguarding against interception and tampering.
  • Lifecycle Management: We continuously manage device security through automated certificate management, firmware updates, and secure decommissioning.
  • Risk Monitoring: KeyScaler provides real-time visibility into device vulnerabilities and compliance, enabling organisations to stay ahead of threats.

The persistence and automation used by Water Barghest demonstrate that IoT security can no longer be an afterthought. The rapid exploitation of vulnerable devices, often within minutes, highlights the need for a proactive approach to securing IoT ecosystems. This issue should be making its way towards the top of CISOs' priority agendas as we go into 2025.