Each device could be taken over by a hacker, or create a back door into an organisation
Forescout’s research team, Vedere Labs, has revealed the riskiest IT, IoT, OT and IoMT devices of 2022.
The research, which was collated from 19 million devices deployed across five different industries, has revealed that the riskiest device groups include smart buildings, medical devices, networking equipment, and IP cameras, VoIP and video conferencing systems.
Using the dataset and scoring methodology, where the risk of a device is calculated on its configuration, function and behaviour, the five riskiest devices across the four categories rank as follows:
Rank | IT | IoT | OT | IoMT |
1 | Router | IP camera | Programmable logic controller (PLC) | DICOM workstation |
2 | Computer | VoIP | Human machine interface (HMI) | Nuclear medicine system |
3 | Server | Video conferencing | Uninterruptible power supply (UPS) | Imaging |
4 | Wireless access point | ATM | Environment monitoring | Picture archiving and communication system (PACS) |
5 | Hypervisor | Printer | Building automation controller | Patient monitor |
The research has revealed:
- IT devices are still the main target of malware, including ransomware, and the main initial access points for malicious actors. These actors exploit vulnerabilities on internet-exposed devices, such as servers running unpatched operating systems and business applications, or use social engineering and phishing techniques to dupe employees into running malicious code on their computers.
- IP cameras, VoIP and video conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet and there is a long history of threat actor activity targeting them. This year alone, both UNC3524 and TAG-38 have targeted video conferencing and cameras for use as command and control infrastructure.
- PLCs and HMIs are the riskiest OT devices because they are critical to operations, allowing for full control of industrial processes, and are known to be insecure by design. These devices are not only common in critical infrastructure sectors, such as manufacturing, but also in sectors such as retail, where they drive logistics and warehouse automation.
- DICOM workstations, nuclear medicine systems such as X-rays, imaging devices and PACS often run legacy, vulnerable IT operating systems and have extensive network connectivity to allow imaging files to be shared using the DICOM standard. Unencrypted communications could allow attackers to obtain or tamper with medical images, including to spread malware.
Daniel dos Santos, Head of Security Research at Forescout, said, “The growing number and diversity of connected devices in every industry presents new challenges for organisations to understand and manage the risks they are exposed to. The attack surface now encompasses IT, IoT and OT in almost every organisation, with the addition of IoMT in healthcare. It is not enough to focus defenses on risky devices in one category since attackers can leverage devices of different categories to carry out attacks. We have already demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT)”.
Dos Santos continues, “To mitigate against potential threats, you need to carry out a proper risk assessment to understand how your attack surface is growing. Once you understand your attack surface, you need to implement automated controls that do not rely only on security agents and that apply to the whole enterprise, instead of silos like the IT network, the OT network or specific types of IoT devices”.
For an analysis of what makes these devices so risky and their distribution by industry (financial, government, healthcare, manufacturing and retail) and geography (Americas; Asia-Pacific; Europe; and Middle East, Turkey and Africa), a report is available upon request.