The Forescout research team analyzed 19 million connected devices deployed across five industries to identify the riskiest device groups: smart buildings, medical devices, networking equipment and IP cameras, and VoIP and videoconferencing systems.
Using this dataset and a scoring methodology in which a device's risk is calculated from its configuration, function, and behavior, the five riskiest connected devices in each of the four categories rank as follows:
Main research results
“The growing number and diversity of connected devices in every industry presents new challenges for organizations to understand and manage the risks they are exposed to. The attack surface now encompasses IT, IoT, and OT in nearly every organization, with the addition of IoMT in healthcare. It is not enough to focus defenses on risky devices of one category, as attackers can exploit devices of different categories to carry out attacks. We have already demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT),” said Daniel dos Santos, head of security research at Forescout.
Computing devices remain the main target for malware, including ransomware, and the main initial entry points for malicious actors. These actors exploit vulnerabilities in Internet-exposed devices, such as servers running unpatched operating systems and business applications, or use social engineering and phishing to trick employees into running malware on their computers.
New to the list this year are hypervisors, the specialized servers that host virtual machines (VMs). Currently a prime target for ransomware gangs, a compromised hypervisor lets attackers encrypt many VMs at once.
IP cameras, VoIP and videoconferencing systems are the riskiest IoT devices because they are commonly exposed on the Internet and there is a long history of malicious actors targeting them. This year alone, UNC3524 and TAG-38 targeted videoconferencing systems and cameras for use as command-and-control infrastructure.
PLCs and HMIs are the riskiest OT devices because they are critical to operations, allow full control of industrial processes, and are known to be insecure by design. These devices are common not only in critical infrastructure industries such as manufacturing, but also in industries such as retail, where they drive logistics and warehouse automation.
DICOM workstations, nuclear medicine systems, X-ray and other imaging devices, and PACS often run vulnerable legacy operating systems and have extensive network connectivity so that imaging files can be shared using the DICOM standard. Unencrypted communications could allow attackers to obtain or tamper with medical images, including to distribute malware.
“To mitigate potential threats, you need to perform a proper risk assessment to understand how your attack surface is growing. Once you understand your attack surface, you need to implement automated controls that don’t rely only on security agents and that apply across the enterprise, instead of silos like the IT network, OT network, or specific types of IoT devices,” Dos Santos concluded.