Forescout’s research team analyzed 19 million connected devices deployed across five different industries to find the riskiest device groups: smart buildings, medical devices, networking equipment, and IP cameras, VoIP and video conferencing systems.
Using that dataset and a scoring methodology in which the risk of a device is calculated from its configuration, function and behavior, the five riskiest connected devices in each of the four categories (IT, IoT, OT and IoMT) rank as follows:
Key research findings
“The growing number and diversity of connected devices in every industry presents new challenges for organisations to understand and manage the risks they are exposed to. The attack surface now encompasses IT, IoT and OT in almost every organisation, with the addition of IoMT in healthcare. It is not enough to focus defenses on risky devices in one category since attackers can leverage devices of different categories to carry out attacks. We have already demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT),” said Daniel dos Santos, Head of Security Research at Forescout.
IT devices are still the main target of malware, including ransomware, and the main initial access points for malicious actors. These actors exploit vulnerabilities on internet-exposed devices, such as servers running unpatched operating systems and business applications, or use social engineering and phishing to dupe employees into running malicious code on their computers.
This year, hypervisors (the specialised servers that host virtual machines) are a new entry on the list. They are currently a favourite target of ransomware gangs because compromising a single hypervisor lets attackers encrypt many VMs at once.
IP cameras, VoIP and video conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet and there is a long history of threat actor activity targeting them. This year alone, both UNC3524 and TAG-38 have targeted video conferencing systems and cameras for use as command and control infrastructure.
PLCs and HMIs are the riskiest OT devices because they are critical to operations, allow full control of industrial processes, and are known to be insecure by design. These devices are common not only in critical infrastructure sectors such as manufacturing, but also in sectors such as retail, where they drive logistics and warehouse automation.
DICOM workstations, nuclear medicine systems, imaging devices such as X-ray machines, and PACS often run legacy, vulnerable IT operating systems and have extensive network connectivity so that imaging files can be shared using the DICOM standard. Because DICOM traffic is frequently unencrypted, an attacker on the network could obtain or tamper with medical images, including using image files as a carrier for malware.
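The cleartext exposure described above is visible on the wire: a DICOM association starts with an A-ASSOCIATE-RQ PDU whose type byte is 0x01 and which carries the calling and called Application Entity titles and the requested SOP classes in plain ASCII (DICOM PS3.8, section 9.3.2), whereas a DICOM-over-TLS session starts with a TLS handshake record (first byte 0x16). The script below, an added example that is not part of the Forescout report or of any DICOM library, builds a few constructed sample flows with hypothetical AE titles and addresses, parses the A-ASSOCIATE-RQ header and presentation-context items, and reports which flows negotiate imaging services without encryption. The small UID table and the TLS-record heuristic are the example's own assumptions.

```python
import struct

# DICOM upper-layer PDU and item type codes (DICOM PS3.8, section 9.3).
PDU_ASSOCIATE_RQ = 0x01
ITEM_APPLICATION_CONTEXT = 0x10
ITEM_PRESENTATION_CONTEXT = 0x20
ITEM_ABSTRACT_SYNTAX = 0x30
ITEM_TRANSFER_SYNTAX = 0x40
ITEM_USER_INFORMATION = 0x50
ITEM_MAXIMUM_LENGTH = 0x51

# A few well-known SOP class / transfer syntax UIDs for readable output (not a full registry).
KNOWN_UIDS = {
    "1.2.840.10008.1.1": "Verification SOP Class (C-ECHO)",
    "1.2.840.10008.5.1.4.1.1.2": "CT Image Storage",
    "1.2.840.10008.5.1.4.1.1.4": "MR Image Storage",
    "1.2.840.10008.1.2": "Implicit VR Little Endian",
}


def _item(item_type, payload):
    """Encode one variable item: type(1) reserved(1) length(2, big-endian) payload."""
    return struct.pack(">BBH", item_type, 0, len(payload)) + payload


def build_associate_rq(called_ae, calling_ae, abstract_syntaxes):
    """Build a minimal A-ASSOCIATE-RQ PDU. Used here only to construct sample traffic."""
    items = _item(ITEM_APPLICATION_CONTEXT, b"1.2.840.10008.3.1.1.1")
    for n, uid in enumerate(abstract_syntaxes, start=1):
        sub = _item(ITEM_ABSTRACT_SYNTAX, uid.encode()) + _item(ITEM_TRANSFER_SYNTAX, b"1.2.840.10008.1.2")
        # Presentation context IDs must be odd: 1, 3, 5, ...
        items += _item(ITEM_PRESENTATION_CONTEXT, bytes([2 * n - 1, 0, 0, 0]) + sub)
    items += _item(ITEM_USER_INFORMATION, _item(ITEM_MAXIMUM_LENGTH, struct.pack(">I", 16384)))
    body = (struct.pack(">HH", 1, 0) + called_ae.ljust(16).encode()
            + calling_ae.ljust(16).encode() + bytes(32) + items)
    return struct.pack(">BBI", PDU_ASSOCIATE_RQ, 0, len(body)) + body


def _iter_items(buf):
    """Yield (type, payload) for the variable items packed in buf; reject truncated items."""
    off = 0
    while off + 4 <= len(buf):
        item_type, _, length = struct.unpack(">BBH", buf[off:off + 4])
        payload = buf[off + 4:off + 4 + length]
        if len(payload) != length:
            raise ValueError("truncated DICOM item")
        yield item_type, payload
        off += 4 + length


def parse_associate_rq(pdu):
    """Return peers and requested services from an A-ASSOCIATE-RQ, or None if pdu is not one."""
    if len(pdu) < 74 or pdu[0] != PDU_ASSOCIATE_RQ:
        return None
    pdu_len = struct.unpack(">I", pdu[2:6])[0]
    # Fixed part is 68 bytes (version, reserved, two 16-byte AE titles, 32 reserved bytes).
    if pdu_len < 68 or 6 + pdu_len > len(pdu):
        return None
    services = []
    try:
        for item_type, payload in _iter_items(pdu[74:6 + pdu_len]):
            if item_type != ITEM_PRESENTATION_CONTEXT:
                continue
            for sub_type, sub in _iter_items(payload[4:]):  # skip context ID + 3 reserved bytes
                if sub_type == ITEM_ABSTRACT_SYNTAX:
                    uid = sub.decode("ascii", "replace").rstrip("\x00")
                    services.append(KNOWN_UIDS.get(uid, uid))
    except ValueError:
        return None
    return {
        "version": struct.unpack(">H", pdu[6:8])[0],
        "called_ae": pdu[10:26].decode("ascii", "replace").strip(),
        "calling_ae": pdu[26:42].decode("ascii", "replace").strip(),
        "services": services,
    }


def find_cleartext_associations(flows):
    """Report flows whose first client bytes are a cleartext A-ASSOCIATE-RQ.

    A DICOM-over-TLS session begins with a TLS handshake record (0x16), so its
    AE titles and SOP classes are not readable here; that is the point of the check.
    """
    findings = []
    for src, dst_port, payload in flows:
        if payload[:1] == b"\x16":
            continue  # TLS record: association details are encrypted
        assoc = parse_associate_rq(payload)
        if assoc is not None:
            findings.append({"src": src, "dst_port": dst_port, **assoc})
    return findings


# Constructed sample flows (hypothetical addresses and AE titles); 104 and 11112 are the
# conventional DICOM ports and 2762 the conventional DICOM-TLS port.
SAMPLE_FLOWS = [
    ("10.0.5.20", 104, build_associate_rq("PACS1", "CT_SCANNER_02", ["1.2.840.10008.5.1.4.1.1.2"])),
    ("10.0.5.21", 11112, build_associate_rq("PACS1", "MODALITY_03", ["1.2.840.10008.1.1"])),
    ("10.0.5.22", 2762, b"\x16\x03\x01\x00\xd4\x01\x00\x00\xd0\x03\x03"),  # TLS ClientHello start
    ("10.0.5.23", 104, b"GET / HTTP/1.1\r\nHost: pacs\r\n\r\n"),             # not DICOM at all
]

if __name__ == "__main__":
    for f in find_cleartext_associations(SAMPLE_FLOWS):
        print(f"{f['src']} -> port {f['dst_port']}: {f['calling_ae']} -> {f['called_ae']} {f['services']}")
```

Run against the constructed flows, this reports the two cleartext associations (the CT scanner sending CT Image Storage and the modality doing a C-ECHO) and stays silent on the TLS flow, which is what a network-based inventory would want: any association whose AE titles are readable in transit can also have its image data read or modified in transit.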
“To mitigate against potential threats, you need to carry out a proper risk assessment to understand how your attack surface is growing. Once you understand your attack surface, you need to implement automated controls that do not rely only on security agents and that apply to the whole enterprise, instead of silos like the IT network, the OT network or specific types of IoT devices,” dos Santos concluded.