IoT Devices Business Risky Business


As IoT devices proliferate and diversify, organizations find themselves under constant assault from threat actors who often turn to the same attack vectors time and time again. With success.

Among the riskiest devices for enterprise networks are networking equipment, VoIP, IP cameras and APIs, according to a report by researchers at Forescout’s Vedere Laboratories. In this year’s research, the attack surface was broadened by new entries such as the medical use of hypervisors and human-machine interfaces (HMIs).

“The growing number and diversity of connected devices in every industry present new challenges for organizations to understand and manage the risks they face,” researchers said in the 2022 edition of The Riskiest Internet Devices in Enterprise Networks report, which notes, unsurprisingly, that “most organizations now house a combination of interconnected computing, OT, and IoT devices in their networks, which has increased their attack surface.”

“According to Statista, the number of IoT devices is expected to reach 30.9 billion units by 2025. IoT devices continue to be threats in organizations and homes due to their increasing prevalence and relatively low, mediocre security,” said Will Carlson, Senior Director of Content at Cybrary. “Add to that, even for advanced users of these devices, they are often not user-repairable, patchable, or upgradable.”

The report cites findings from the Ponemon Institute which showed that 65% of organizations named IoT/OT devices as part of the network where security is lacking. 88% of IT and IT security professionals said their IoT devices were connected to the internet, while 56% also had OT devices connected. About half (51%) said an OT network was connected to the IT network.

The five riskiest devices in each of four device categories:

| Rank | IT | IoT | OT | IoMT |
|------|----|-----|----|------|
| 1 | Router | IP camera | Programmable logic controller | DICOM workstation |
| 2 | Computer | VoIP | Human-machine interface | Nuclear medicine system |
| 3 | Server | Videoconference | Uninterruptible power supply | |
| 4 | Wireless access point | ATM | Environmental monitoring | Picture archiving and communication system |
| 5 | Hypervisor | Printer | Building automation controller | Patient monitor |

“Threat actors are well aware of these trends. We recently reported how ransomware groups started to massively target devices such as NAS, VoIP and hypervisors,” Vedere Labs said. Perhaps that’s why 50% of people surveyed by Ponemon noted an increase in attacks against devices.

Every organization, regardless of industry, has felt the impact of a growing attack surface, the researchers said. “Manufacturing has the highest percentage of high-risk devices (11%), while government and finance have the best combinations of medium and high risk (43% for government and 37% for finance),” they said, explaining that the “ranking of the most risky devices does not change significantly by sector, which shows that almost all organizations currently rely on a combination of IT, IoT and OT (as well as the IoMT for healthcare) to carry out their activities.”

“It is not surprising that IoT devices with cameras and microphones present are very interesting for adversaries. Although any IoT device can be used for botnets, lateral movement or any other nefarious act; those with cameras and mics can be used for so much more,” Carlson said. “The presence of these capabilities paves the way for increased remote spying, observation of personnel and security movements, and increased targeted attacks based on the information gathered.”

The riskiest IT and OT devices didn’t vary much across regions, they said, “while the riskiest IoT devices change slightly and the riskiest IoMT devices change significantly.”

But “it is not enough to concentrate defenses on risky devices in one category since attackers can leverage devices from different categories to carry out attacks. We demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT), and disables automata (OT),” the researchers wrote.

Instead, “risk assessment becomes even more important for organizations as their attack surface increases with the addition of new connected devices,” the report says. “Implementing automated controls that don’t rely solely on security guards and apply across the enterprise can help reduce risk across the organization.”

The Forescout report “highlights the need for basic mitigation steps such as network segmentation and full device updating. Although the report focuses on IoT and OT, these threats often use the Windows endpoints to spread across shared networks, as evidenced by all-too-familiar headlines of the past few years,” said Ashley McGlone, Tanium’s technology strategist for manufacturing. “Some companies only patch critical and high vulnerabilities, ignoring the risk of chaining medium and low CVEs together to create attack vectors. Other companies patch IT machines while relegating Windows OT patches to site support who may be understaffed. leadership, people, processes and tools of cybersecurity in IT, IoT and OT is essential for full visibility and mitigation of these risks.”
