Weaponized Vision: How IP Cameras Became the Frontline of Modern Warfare (And What It Means for the Enterprise)

In modern conflicts, the first shot fired is rarely a bullet; it is a digital exploit. And increasingly, the primary target is the very technology designed to keep us safe: physical security cameras and connected IoT infrastructure. This is true of what is currently happening in Iran, but also of virtually all modern conflicts.

During the early days of the conflict in Ukraine, we witnessed the initial weaponization of OT and IoT devices, as adversaries hijacked local surveillance cameras to monitor troop movements. But what started as a novel tactic has rapidly evolved into a standard operating procedure for global threat actors. The camera on the corner of a building, the sensor at the loading dock, and the unmanaged IP video system in the parking lot have been transformed into enemy sensors. For enterprise security teams and CISOs, these geopolitical events are not just distant news stories—they are a stark warning about the glaring vulnerabilities sitting on your own network perimeter.

The Escalation of Camera Warfare
The weaponization of cameras is not entirely new, but the scale is accelerating. As we noted previously in our blog, “How To Hack The Kremlin? Cameras, Of Course. – Viakoo, Inc,” hacktivists like Anonymous proved early on that IP cameras are the ultimate low-hanging fruit. Because IoT devices lack standard operating systems and cannot support traditional IT security agents, they offer an undefended backdoor into highly secure environments.

This tactic quickly escalated into full-blown nation-state strategy. As detailed in “Declaring War on Vulnerable IoT Devices – Viakoo, Inc,” military intelligence units recognized that hacking residential cameras, coffee shop surveillance systems, and municipal traffic feeds provides cheap, real-time intelligence. Threat actors shifted to “living on the edge,” exploiting the exact devices that organizations routinely forget to patch. Today, those tactics have expanded globally:

Missile Guidance via Unpatched Cameras: Threat actors are intensely scanning and exploiting internet-facing security cameras (such as Hikvision and Dahua models) across the Middle East to conduct real-time “battle damage assessments” and adjust the targeting of incoming ballistic missiles.

Critical Infrastructure Espionage: State-sponsored actors are aggressively targeting white-labeled IP cameras deployed within U.S. critical infrastructure (specifically energy and chemical sectors). Once inside the camera, they pivot laterally to exfiltrate sensitive industrial process data.

Beyond Surveillance: The Cyber-Physical Threat
The danger of unmanaged IoT extends far beyond espionage; it bleeds into the physical world. When threat actors compromise cyber-physical systems, the results are visceral. As we highlighted in “IoT Security Failures Can Be Sh*tty – Viakoo, Inc,” a suspected cyberattack caused a skyscraper-high plume of sewage to erupt in Moscow.

While a sewage explosion is an extreme (and literal) mess, it proves a critical point: attacks on OT/IoT systems have real-world, kinetic consequences. Whether it is a hacker manipulating chemical levels at a water treatment plant or an adversary locking down the doors of a mass transit hub, the failure to secure these devices directly impacts human safety and business continuity.

The Enterprise Implication: The “Action Gap”
Why should an enterprise CISO care about military actors hacking cameras half a world away? Because the methods these nation-states use are identical to the methods used by ransomware gangs and cybercriminals targeting corporate networks. These military hackers are rarely burning multi-million-dollar zero-day exploits on a security camera. They are simply exploiting the Action Gap.

For the past decade, the cybersecurity industry has poured billions of dollars into visibility—buying tools that discover assets and identify vulnerabilities. We know the cameras have default passwords. We know they are running firmware that is three years out of date.

But seeing the problem is not fixing the problem. The “Action Gap” is the dangerous space between knowing a vulnerability exists and actually remediating it. When an enterprise has 10,000 physical security devices, manual firmware patching is virtually impossible. A vulnerability that takes a technician weeks to manually patch can be exploited by an automated botnet in seconds. In fact, a 2025 study by Google Mandiant determined that the time from a vulnerability being disclosed to it being exploited is now just 4 days; in 2019 that time was roughly 63 days.

What Enterprises Must Do Now
The era of “set and forget” physical security is over. To defend against this escalating threat landscape, enterprises must fundamentally change how they manage their OT/IoT fleets.

1. Shift from “Discovery” to “Automated Remediation”
Visibility without action just creates expensive alert fatigue. Enterprises must deploy platforms capable of safely automating the remediation process. Pushing verified firmware updates to thousands of cameras, NVRs, and IoT endpoints simultaneously—without rolling a truck or breaking the device—is the only way to close the Action Gap and outpace automated threats. Because AI-driven threats arrive with such volume and velocity, autonomous remediation with human-in-the-loop decision making (such as Viakoo’s AutoMode technology) best addresses this need.

2. Enforce Non-Human Identity Management and Zero Trust at the Edge
You must implement automated zero-trust certificate management to ensure that only authenticated devices are communicating on your network. Automate the issuance and rotation of 802.1X and TLS certificates, and enforce complex, multi-vendor password rotation to eliminate the risk of default credentials. Doing this through automation is critical, especially as we fast approach post-quantum encryption and its requirements to deploy new types of certificates and update them more frequently.

3. Implement Continuous Monitoring (ConMon)
Physical security environments suffer from rapid and continuous changes as devices go offline, configurations change, and new vulnerabilities are discovered. Continuous monitoring ensures that your IoT fleet remains compliant with corporate policy and regulatory frameworks (like NIST) 24/7/365.
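
The three steps above can be expressed as one recurring fleet check. The following is an added example, not Viakoo's code: it audits a constructed inventory for default credentials, unpatched advisories measured against the 4-day exploitation window cited earlier, stale firmware, and expiring certificates, then orders devices for remediation. The device names, the data model, and the firmware-age and certificate-renewal thresholds are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# 4 days is the disclosure-to-exploit figure quoted above; other thresholds are assumed.
EXPLOIT_WINDOW_DAYS, MAX_FIRMWARE_AGE_DAYS, CERT_RENEW_BEFORE_DAYS = 4, 365, 30
RANK = {"critical": 0, "high": 1, "medium": 2}

@dataclass
class Device:
    name: str
    firmware_released: date            # release date of the installed firmware
    default_credentials: bool          # vendor default password still set
    cert_not_after: date               # expiry of the device's 802.1X/TLS certificate
    advisory_disclosed: Optional[date] = None  # oldest unpatched advisory, if any

def audit(dev, today):
    """Return (severity, finding) tuples, worst first; an empty list means compliant."""
    findings = []
    if dev.default_credentials:
        findings.append(("critical", "default credentials in use"))
    if dev.advisory_disclosed is not None:
        gap = (today - dev.advisory_disclosed).days  # the device's "Action Gap"
        sev = "critical" if gap > EXPLOIT_WINDOW_DAYS else "high"
        findings.append((sev, f"known vulnerability unpatched for {gap} days"))
    age = (today - dev.firmware_released).days
    if age > MAX_FIRMWARE_AGE_DAYS:
        findings.append(("medium", f"firmware is {age} days old"))
    left = (dev.cert_not_after - today).days
    if left < 0:
        findings.append(("critical", "certificate expired"))
    elif left <= CERT_RENEW_BEFORE_DAYS:
        findings.append(("medium", f"certificate expires in {left} days"))
    return sorted(findings, key=lambda f: RANK[f[0]])

def remediation_queue(fleet, today):
    """Non-compliant devices ordered by worst severity, then by number of findings."""
    queue = [(d.name, audit(d, today)) for d in fleet]
    return sorted((q for q in queue if q[1]), key=lambda q: (RANK[q[1][0][0]], -len(q[1])))

TODAY = date(2025, 6, 1)  # fixed date so the example is reproducible
FLEET = [  # constructed sample inventory
    Device("lobby-cam-01", date(2022, 3, 1), True, date(2026, 1, 1), date(2025, 5, 1)),
    Device("dock-cam-07", date(2025, 4, 15), False, date(2025, 6, 20)),
    Device("garage-nvr-02", date(2025, 5, 10), False, date(2026, 3, 1), date(2025, 5, 30)),
    Device("roof-cam-03", date(2025, 5, 20), False, date(2026, 5, 1)),
]
if __name__ == "__main__":
    print(*remediation_queue(FLEET, TODAY), sep="\n")
```

Run on a schedule against the real inventory, the same check doubles as the continuous-monitoring signal: an empty queue means the fleet meets policy.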

Your physical security systems are deployed to protect your people and your assets. Without automated remediation, those same systems can easily become the most vulnerable entry point into your organization. It is time to treat your unmanaged OT and IoT systems with the same rigorous, automated security standards applied to your IT infrastructure.

Ready to close the Action Gap? Learn how the Viakoo Action Platform provides autonomous firmware patching, password rotation, and certificate management at enterprise scale.
