TECHNOLOGY

IoT: Security And System Updating Remains A Problem

In a report last year, analysts at Gartner said that 4.8 billion endpoints ( IoT ) would be used by the end of 2019, a 21.5% increase compared to 2018. The Internet of Things (IoT) ) opens the door to innovative approaches and new services in all industrial sectors, but also presents new risks for cybersecurity.

To provide an update on the current state of the IoT threat landscape, Unit42, the threat intelligent team of Palo Alto Networks analyzed the security incidents that occurred during 2018 and 2019 with Zingbox, a solution dedicated to IoT security, taking considers 1.2 million IoT devices used in thousands of IT organizations and healthcare companies across the United States.

The team found that the overall security status of IoT devices is far from satisfactory, putting companies at risk against not only new but also old threats, which are often forgotten by IT managers. The report details the IoT threat landscape, the most vulnerable devices and the actions to be taken to reduce risks immediately.

IoT Devices Are Not Encrypted

98% of all traffic generated by IoT devices is unencrypted, putting personal and sensitive data circulating on the network at risk. Attackers who manage to overcome the first line of defence (often thanks to phishing attacks) and reach a command and control level (C2), can trace all unencrypted network traffic, collect personal information and use it to get cheap returns on the dark web.

57% of IoT devices are vulnerable to medium or high threat attacks, making them an easy target for hackers. Given the scarcity of patches for this type of equipment, the most frequent attacks exploit known vulnerabilities and the use of default passwords.

Most IoMT Devices Use Outdated Software

83% of medical imaging devices are using operating systems that are no longer supported, with a 56% increase from 2018 following the end of Windows 7 support. This has created a worsening of the security posture that has opened the doors to new attacks, such as crypto jacking (from 0% in 2017 to 5% in 2019) and revived long-forgotten attacks, such as Conficker, to which IT teams had remained immune for a long time.

The Internet of Medical Things (IoMT) devices with the most safety concerns are imaging systems, which are a vital part of the clinical workflow. For healthcare organisations, 51% of threats are precisely these devices, which can compromise the quality of care and allow attackers to obtain patient data stored on the devices.

Healthcare Companies Demonstrate Poor Network “Safety Hygiene”

72% of healthcare VLANs combine IoT and IT resources, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network. The rate of attacks exploiting device vulnerabilities is 41%, as attackers scan networked devices to exploit their weaknesses. We are seeing a shift from IoT botnets that carry out denial-of-service attacks to more sophisticated actions that target patient identities, corporate data, and demand cash ransoms.

IoT Attacks Target Legacy Protocols

There is an evolution in the threats affecting IoT devices using new techniques, such as peer-to-peer C2 communications and worm-like features for self-propagation. Attackers know the vulnerability of decades-old OT protocols, such as DICOM, and have the potential to disrupt and block a company’s core business.

TechUpdatesDaily

A resource where one can find the latest updates & news about technology, software, gadgets and business ideas for the start-ups.

Recent Posts

Affiliate Marketing : Tips, Best Practices & Typical Errors

Affiliate marketing is a popular method to monetize a website. It is used particularly frequently… Read More

1 week ago

Pinterest Marketing : Tips, Ideas & Strategies

Pinterest is a visual search engine and social media platform where users can discover and… Read More

3 weeks ago

4 Reasons For Email Archiving

Discover the importance of email archiving and learn why it is essential. From legal compliance… Read More

4 weeks ago

How to Get Rid of a Computer Virus?

Worm, Trojan horse, malware or even ransomware: all these terms refer to computer viruses. When… Read More

1 month ago

Two-Factor Authentication: Double Protection for Your Data

Secure your online identity with two-factor authentication (2FA). Learn how to protect your accounts from… Read More

1 month ago

VoIP Telephony: Your Revolution for Home Offices and Offices

Discover the VoIP revolution for home offices and offices! Our magazine highlights the possibilities of… Read More

2 months ago