Ukraine accused Russia of hacking webcams to spy on Kyiv targets ahead of a deadly air raid this week, an example of how cyberattacks against internet-connected devices have become a part of modern warfare.
The attacks primarily targeted Kyiv and Kharkiv, Ukraine's second largest city, and reportedly killed at least five people and injured 129.
The Russians allegedly changed the viewing angle of one of the cameras, located on an apartment building balcony, and live-streamed the feed on YouTube.
For the past 15 years, waring nations have targeted vulnerabilities in industrial control systems, operational technology, and Internet of Things devices to gain an advantage, said Bud Broomhead, CEO at Viakoo.
An early example was the Stuxnet worm which was developed from around 2007 to derail Iran's burgeoning nuclear program by compromising supervisory control and data acquisition systems.
Research by Palo Alto Networks' Unit 42 in 2021 found that while security cameras make up only 5% of enterprise IoT devices, they account for 33% of all security issues.
Callie Guenther, senior manager, cyber threat research at Critical Start, said the Kyiv incident was a reminder that IoT security was lagging behind the pace of technological adoption.
In its statement on Russia's webcam hacking, the SBU urged Ukrainians to take all cameras offline and to report any live streams they were aware of.
The security service reminded citizens it was illegal to film and publish military activity, and doing so was punishable by up to 12 years' imprisonment.
This Cyber News was published on packetstormsecurity.com. Publication date: Fri, 05 Jan 2024 15:13:04 +0000