Internet of Things (IoT) devices are one of the fastest-growing emerging technologies in the digital transformation sphere – by the end of 2019, 4.8 billion IoT endpoints were expected to be in use, an increase of 21.5% from 2018, according to Gartner.
But, as with almost all emerging technologies, there comes with it an associated cybersecurity risk.
Unit 42, the threat intelligence team of Palo Alto Networks, recently analysed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organisations in the United States.
The 2020 Unit 42 IoT Threat Report found the general security posture of IoT devices is declining, leaving organisations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten.
Among the most disturbing discoveries: 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
This potentially allows attackers the ability to listen to unencrypted network traffic, collect personal or confidential information, then exploit that data for profit on the dark web.
The report also revealed 83% of medical imaging devices are running on unsupported operating systems.
This reflects a 56% jump from 2018, mostly due to the Windows 7 operating system reaching its end of life.
This left hospital and other health organisations vulnerable to attacks that can disrupt care or expose sensitive medical information.Other key findings:
51% of threats for healthcare organisations involved imaging devices, disrupting the quality of care and allowing attackers to exfiltrate patient data stored on these devices.
72% of healthcare virtual local area networks (VLANs) mix IoT and IT assets, allowing malware to spread from users' computers to vulnerable IoT devices on the same network.
New techniques, such as peer-to-peer command and worm-like features for self-propagation, are coming to light, threatening to infect IoT devices without prejudice.
57% of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers, according to Unit 42.
41% of attacks exploit device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses.
Unit 42 also found that, while the vulnerability of IoT devices make them easy targets, they are most often used as a stepping stone to attack other systems on the network.
Furthermore, Unit 42 found password-related attacks continue to be prevalent on IoT devices due to weak manufacturer-set passwords and poor password security practices.
Increasingly, malware is being used to enable attackers to run malicious code to conduct new attacks.
This is becoming the new focus of cyber criminals' attacks, shifting from their previous motivation of running botnets to conduct DDoS attacks via IoT devices.
In light of the new and novel cyber threats facing new IoT devices, Unit 42 recommends adhering to the following steps to minimise risk:
- Know your risk. Discover IoT devices on the network
- Patch printers and other easily patchable devices
- Segment IoT devices across VLANs
- Enable active monitoring.