sb-eu logo
Story image

IoT devices more at risk of cyber attack than ever - report

17 Mar 2020

Internet of Things (IoT) devices are one of the fastest-growing emerging technologies in the digital transformation sphere – by the end of 2019, 4.8 billion IoT endpoints were expected to be in use, an increase of 21.5% from 2018, according to Gartner.

But, as with almost all emerging technologies, there comes with it an associated cybersecurity risk.

Unit 42, the threat intelligence team of Palo Alto Networks, recently analysed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organisations in the United States. 

The 2020 Unit 42 IoT Threat Report found the general security posture of IoT devices is declining, leaving organisations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten.

Among the most disturbing discoveries: 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network. 

This potentially allows attackers the ability to listen to unencrypted network traffic, collect personal or confidential information, then exploit that data for profit on the dark web.

The report also revealed 83% of medical imaging devices are running on unsupported operating systems. 

This reflects a 56% jump from 2018, mostly due to the Windows 7 operating system reaching its end of life. 

This left hospital and other health organisations vulnerable to attacks that can disrupt care or expose sensitive medical information.

Other key findings:

51% of threats for healthcare organisations involved imaging devices, disrupting the quality of care and allowing attackers to exfiltrate patient data stored on these devices.

72% of healthcare virtual local area networks (VLANs) mix IoT and IT assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network.

New techniques, such as peer-to-peer command and worm-like features for self-propagation, are coming to light, threatening to infect IoT devices without prejudice.

57% of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers, according to Unit 42.

41% of attacks exploit device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses.

Unit 42 also found that, while the vulnerability of IoT devices make them easy targets, they are most often used as a stepping stone to attack other systems on the network. 

Furthermore, Unit 42 found password-related attacks continue to be prevalent on IoT devices due to weak manufacturer-set passwords and poor password security practices.

Increasingly, malware is being used to enable attackers to run malicious code to conduct new attacks. 

This is becoming the new focus of cyber criminals’ attacks, shifting from their previous motivation of running botnets to conduct DDoS attacks via IoT devices.

In light of the new and novel cyber threats facing new IoT devices, Unit 42 recommends adhering to the following steps to minimise risk:

  • Know your risk. Discover IoT devices on the network
  • Patch printers and other easily patchable devices
  • Segment IoT devices across VLANs
  • Enable active monitoring.
Story image
Vectra expands NDR capabilities across all network environments
Vectra’s network threat detection and response (NDR) solution is designed to use cloud identities that track and link attacker activities and progression across all networks.More
Story image
Voice phishing attacks on the rise, remote workers vulnerable
There is an increase in voice phishing attacks, where hackers use existing employee names in attempt to trick victims into sharing login credentials and data by phone.More
Story image
The ultimate network security audit checklist
Experts project that losses and damage from cybercrime will skyrocket, with attacks ranging from spam and phishing to malware and spyware — all compromising the safety of sensitive data and proprietary information. These attacks can be minimised by performing network security audits regularly.More
Story image
DigiCert revamps PKI management capabilities for remote work
The revamp provides new ways of delivering certificate automation that can authenticate employees and devices, and encrypt data over networks.More
Story image
Radware expands DDoS prevention support for AWS
e are pleased to support Radware as they integrate their DefensePro Virtual Appliance for AWS with AWS Gateway Load Balancer,” says AWS spokesman.More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More