In a report released Wednesday, Forescout’s research team, Vedere Labs, have updated their findings on the riskiest devices in enterprise networks in 2022. By analyzing the millions of IoT devices in Forescout’s Device Cloud, they identified recurring attack vectors and how threat actors are taking advantage of the increased proliferation of devices throughout every enterprise.
Key findings of this report include:
- In addition to device types observed as the riskiest in 2020, such as networking equipment, VoIP, IP cameras and PLCs, new entries, such as medical use of hypervisors and human machine interfaces (HMIs) have broadened the attack surface
- Government and financial have the highest risk at 43% for government and 37% for financial
- The ranking of riskiest devices does not change considerably per industry
- The riskiest IT and OT devices remain nearly constant across different regions, while the riskiest IoT devices change slightly, and the riskiest IoMT (healthcare) devices change considerably
- Implementing automated controls that do not rely only on security agents and that apply to the whole enterprise can help reduce risk across an organization
“It is not enough to focus defenses on risky devices in one category since attackers can leverage devices of different categories to carry out attacks. We have demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT)” the report stated.
Forescout’s risky devices report highlights the need for basic mitigation steps like network segmentation and complete patching of devices. While the report focuses on IoT and OT, often these threats use Windows endpoints to propagate across shared networks, as evidenced by all-too-familiar headlines over the last few years. Some enterprises only patch critical and high vulnerabilities, ignoring the risk of chained medium and low CVEs to build attack vectors. Other enterprises patch IT machines while relegating OT Windows patching to site support that may be under-staffed. Bridging cybersecurity leadership, people, processes, and tools across IT, IoT, and OT are essential to comprehensive visibility and mitigation of these risks.
According to Statista, the number of IoT devices is projected to reach 30.9 billion units by 2025. IoT devices continue to be threats in organizations and homes due to their increasing prevalence and relatively poor security. Add to this, even for informed users of these devices, they are often not user serviceable, patchable, or upgradeable.
It should come as no small surprise that IoT devices with cameras and microphones present are highly interesting to adversaries. Although any IoT device can be used for botnets, lateral movement, or any other nefarious acts; those with cameras and mics can be used for so much more. The presence of these capabilities opens up the aperture for increased remote espionage, observing staff and security movements, and an increase in targeted attacks based on the intel gathered.