In a report last year, analysts at Gartner said that 4.8 billion IoT endpoints would be in use by the end of 2019, a 21.5% increase compared to 2018. The Internet of Things (IoT) opens the door to innovative approaches and new services in all industrial sectors, but also presents new risks for cybersecurity.
To provide an update on the current state of the IoT threat landscape, Unit 42, the threat intelligence team of Palo Alto Networks, analyzed the security incidents that occurred during 2018 and 2019 with Zingbox, a solution dedicated to IoT security, taking into consideration 1.2 million IoT devices used in thousands of IT organizations and healthcare companies across the United States.
The team found that the overall security status of IoT devices is far from satisfactory, exposing companies not only to new threats but also to old ones that IT managers have often forgotten. The report details the IoT threat landscape, the most vulnerable devices and the actions to be taken to reduce risks immediately.
IoT Devices Are Not Encrypted
98% of all traffic generated by IoT devices is unencrypted, putting personal and sensitive data circulating on the network at risk. Attackers who manage to get past the first line of defence (often thanks to phishing attacks) and establish command and control (C2) can monitor all unencrypted network traffic, collect personal information and use it for profit on the dark web.
57% of IoT devices are vulnerable to medium- or high-severity attacks, making them an easy target for hackers. Given the scarcity of patches for this type of equipment, the most frequent attacks exploit known vulnerabilities and default passwords.
Most IoMT Devices Use Outdated Software
83% of medical imaging devices are running operating systems that are no longer supported, a 56% increase from 2018 following the end of Windows 7 support. This has worsened the security posture and opened the door to new attacks, such as cryptojacking (from 0% in 2017 to 5% in 2019), and has revived long-forgotten attacks, such as Conficker, to which IT teams had remained immune for a long time.
The Internet of Medical Things (IoMT) devices with the most security concerns are imaging systems, which are a vital part of the clinical workflow. For healthcare organisations, 51% of threats involve precisely these devices, which can compromise the quality of care and allow attackers to obtain patient data stored on the devices.
Healthcare Companies Demonstrate Poor Network “Security Hygiene”
72% of healthcare VLANs combine IoT and IT resources, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network. The rate of attacks exploiting device vulnerabilities is 41%, as attackers scan networked devices to exploit their weaknesses. We are seeing a shift from IoT botnets that carry out denial-of-service attacks to more sophisticated actions that target patient identities, corporate data, and demand cash ransoms.
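One way to check your own network for the VLAN mixing described above, shown as an added example that is not part of the report or the original article. The inventory entries, the field names (name, kind, vlan, os) and the unsupported-OS list are constructed assumptions; in practice they would come from an asset inventory or NAC export.

```python
from collections import defaultdict

# Constructed sample inventory (not data from the report): name, class, VLAN id, OS.
INVENTORY = [
    {"name": "ws-frontdesk-01",  "kind": "it",  "vlan": 10, "os": "Windows 10"},
    {"name": "ws-billing-02",    "kind": "it",  "vlan": 10, "os": "Windows 10"},
    {"name": "ct-scanner-01",    "kind": "iot", "vlan": 10, "os": "Windows 7"},
    {"name": "infusion-pump-07", "kind": "iot", "vlan": 20, "os": "Embedded Linux"},
    {"name": "xray-viewer-03",   "kind": "iot", "vlan": 20, "os": "Windows 7"},
    {"name": "srv-files-01",     "kind": "it",  "vlan": 30, "os": "Windows Server 2019"},
]

# Assumption: operating systems the organisation treats as out of support.
UNSUPPORTED_OS = {"Windows 7", "Windows XP"}


def audit(inventory, unsupported=UNSUPPORTED_OS):
    """Return (VLANs mixing IT and IoT, unsupported-OS IoT devices on those VLANs)."""
    by_vlan = defaultdict(lambda: {"it": [], "iot": []})
    for dev in inventory:
        kind = dev["kind"].lower()
        if kind not in ("it", "iot"):
            raise ValueError(f"unknown device class for {dev['name']}: {kind}")
        by_vlan[dev["vlan"]][kind].append(dev)

    mixed, exposed = {}, []
    for vlan, groups in sorted(by_vlan.items()):
        # A VLAN is "mixed" when user/IT hosts and IoT devices share it.
        if groups["it"] and groups["iot"]:
            mixed[vlan] = {k: [d["name"] for d in v] for k, v in groups.items()}
            # IoT devices on an unsupported OS here sit next to IT hosts.
            exposed += [d["name"] for d in groups["iot"] if d["os"] in unsupported]
    return mixed, sorted(exposed)


def mixed_ratio(inventory):
    """Share of VLANs that combine IT and IoT devices."""
    mixed, _ = audit(inventory)
    total = len({d["vlan"] for d in inventory})
    return len(mixed) / total if total else 0.0


if __name__ == "__main__":
    mixed, exposed = audit(INVENTORY)
    for vlan, groups in mixed.items():
        print(f"VLAN {vlan} mixes IT {groups['it']} with IoT {groups['iot']}")
    print("Unsupported-OS IoT devices sharing a VLAN with IT hosts:", exposed)
    print(f"Mixed VLAN ratio: {mixed_ratio(INVENTORY):.0%}")
```

Devices listed in the second result are the first candidates for moving to a dedicated IoT segment, since they combine an unpatched OS with direct reachability from user machines.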
IoT Attacks Target Legacy Protocols
Threats affecting IoT devices are evolving, with new techniques such as peer-to-peer C2 communications and worm-like features for self-propagation. Attackers know how vulnerable decades-old OT protocols, such as DICOM, are and have the potential to disrupt and block a company’s core business.