Networking equipment and IoT devices pose a major security risk: Forescout

IT systems – and this year in particular networking equipment – continue to pose the greatest security risk to organizations, but Internet of Things (IoT) devices are rapidly climbing the ladder, according to researchers at Forescout’s Vedere Labs.

In this year’s Riskiest Connected Devices report, released this week, researchers found that among IT devices, networking equipment – such as wireless access points and routers – appeared for the first time to be more vulnerable to attacks than endpoints such as computers, servers and hypervisors.

Additionally, these IT systems as a group still accounted for 58% of the vulnerabilities found in the four groups Vedere Labs examined – the other three being IoT, operational technology (OT) and the Internet of Medical Things (IoMT) – a decrease compared to 2023, when it amounted to 78%.

Instead, IoT devices such as network-attached storage (NAS) systems, voice over IP (VoIP) equipment, and IP cameras and printers increased by 136% – from 14% to 33% – with the addition of network video recorders (NVRs) to the group.

IoT devices “are widely exposed on the Internet and have long been targeted by attackers,” researchers wrote in a blog post, noting the appearance of NVRs on the list. “NVRs sit next to IP cameras on the network and store recorded video. Like IP cameras, they are widely found on the Internet and have serious security vulnerabilities that are exploited by cybercriminal botnets and APT attacks.”

More area to protect

“The attack surface now spans IT, IoT and OT in almost every organization – with IoMT in healthcare,” they wrote in the report. “It is not enough to focus defense on risky devices in one category, as attackers can use different device categories to launch attacks. We demonstrated this with a proof of concept (R4IoT) attack that starts with an IP camera (IoT), travels to a workstation (IT), and disables PLCs (OT).”

The R4IoT demonstration looked at expectations for the next generation of ransomware targeting IoT and OT systems, given the growing number and types of these devices and their connectivity to corporate networks. The continued convergence of IoT and OT devices and the increase in software supply chain attacks are increasing the attack surface of virtually every company.

Additionally, the threat persists as there are more than 1,100 ransomware kits that fraudsters can use to extort money from organizations, they wrote, noting that according to the SANS Institute, the number of ransomware attacks in 2023 increased by 73% year-over-year to a total of 4,611 cases.

Vedere Labs crunched data from nearly 19 million devices between January 1 and April 30 to compile a 12-page report, looking at devices from three perspectives: configuration (number and severity of vulnerabilities and open ports), behavior (malicious incoming and outgoing network traffic and incoming Internet traffic to the device) and function (danger to the organization if it is compromised). Each device was assigned a risk score, and researchers calculated the average for each device.

Watch out for robots

Beyond the increased risks associated with networking equipment and the explosive growth of the IoT category, there were a few surprises, some good, some bad, according to researchers. One threat is emerging in the OT space: industrial robots. Their use in industries such as electronics and car manufacturing, in more connected and smart factories, is growing rapidly. Last year there were almost 4 million industrial robots worldwide, with about 80% of them in five countries: the United States, China, Japan, South Korea and Germany.

“There are also service robots used in many other industries, such as logistics and the military,” the researchers wrote. “Despite widespread use, many robots suffer from the same security issues as other OT equipment, including: outdated software, default credentials, and lax security. Attacks on robots include production sabotage, physical damage, and human safety.”

Improving health care safety

That said, healthcare is no longer the industry with the riskiest devices – that crown is now held by the technology sector – thanks in part to organizations that have switched remote device management from Telnet to the more secure SSH, which encrypts data and transmits it over a secure channel. The industry saw the percentage of open ports drop from 10% in 2023 to 4% this year, and Remote Desktop Protocol (RDP) usage from 15% to 6%.

Despite this, IoMT devices used in healthcare settings still pose risks, especially for drug dispensing systems. The researchers wrote that they have been vulnerable to attacks for almost 10 years and were listed in the report as the sixth most vulnerable type of device. Hospitals and other facilities will likely continue to be an increasing target for threat actors.

A future full of challenges

It will be increasingly difficult for organizations, they warn. By 2028, there will be over 25 billion IoT devices.

“They significantly expanded the attack surface, creating new challenges and vulnerabilities,” the researchers wrote. “The need for accurate and fast information from systems in every industry is essential to business operations. From the power grid to electrocardiograms, connected devices monitor our health, report changes in conditions or trigger automatic actions.”

They outlined steps enterprises can take to reduce the attack surface, including upgrading, replacing or isolating OT and IoMT devices running legacy operating systems known to have critical flaws, implementing automatic device compliance verification, and ensuring non-compliant devices do not connect to the Internet.

They also recommended improving network security, including segmentation to isolate devices such as IP cameras and unsafe open ports such as Telnet.
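A minimal sketch of what automatic device compliance verification could look like over a device inventory, added here as an illustration and not taken from the Forescout report or any Forescout product. The inventory records, field names, port list and the allow/remediate/block/isolate policy are all assumptions made for this example.

```python
from dataclasses import dataclass

# Services the article singles out as risky when left open (assumed port numbers
# are the standard ones: Telnet 23, RDP 3389).
RISKY_PORTS = {23: "telnet", 3389: "rdp"}
# Categories the recommendations call out for legacy operating systems.
LEGACY_SENSITIVE = {"OT", "IoMT"}


@dataclass
class Device:
    name: str
    category: str                 # IT, IoT, OT or IoMT
    open_ports: set
    legacy_os: bool = False       # OS known to have critical flaws
    internet_facing: bool = False


def evaluate(device):
    """Return (findings, action) for one inventory record."""
    findings = [f"{RISKY_PORTS[p]} open on port {p}"
                for p in sorted(device.open_ports & set(RISKY_PORTS))]
    if device.legacy_os:
        findings.append("legacy OS with known critical flaws")
    if not findings:
        return findings, "allow"
    if device.legacy_os and device.category in LEGACY_SENSITIVE:
        return findings, "isolate"         # upgrade, replace or isolate
    if device.internet_facing:
        return findings, "block-internet"  # non-compliant: no Internet access
    return findings, "remediate"           # internal only: fix in place


def audit(inventory):
    """Map each device name to the enforcement action chosen for it."""
    return {d.name: evaluate(d)[1] for d in inventory}


# Constructed sample inventory, one record per situation the policy handles.
INVENTORY = [
    Device("lobby-cam-01", "IoT", {23, 80, 554}, internet_facing=True),
    Device("nvr-02", "IoT", {22, 443}),
    Device("plc-line-3", "OT", {502}, legacy_os=True),
    Device("infusion-pump-7", "IoMT", {23}, legacy_os=True),
    Device("ws-fin-12", "IT", {3389}),
]

if __name__ == "__main__":
    for dev in INVENTORY:
        findings, action = evaluate(dev)
        print(f"{dev.name:16} {dev.category:5} {action:15} {'; '.join(findings)}")
```
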
