Forescout unveils the world’s riskiest connected devices including X-ray machines, ATMs and patient monitors

Each device could be taken over by a hacker, or create a back door into an organisation. Forescout’s research team, Vedere Labs, has revealed the riskiest IT, IoT, OT and IoMT devices of 2022.

The research, which was collated from 19 million devices deployed across five different industries, has revealed that the riskiest device groups include smart buildings, medical devices, networking equipment, and IP cameras, VoIP and video conferencing systems.

Using the dataset and a scoring methodology in which the risk of a device is calculated from its configuration, function and behaviour, the five riskiest devices in each of the four categories rank as follows:

| Rank | IT | IoT | OT | IoMT |
|---|---|---|---|---|
| 1 | Router | IP camera | Programmable logic controller (PLC) | DICOM workstation |
| 2 | Computer | VoIP | Human machine interface (HMI) | Nuclear medicine system |
| 3 | Server | Video conferencing | Uninterruptible power supply (UPS) | Imaging |
| 4 | Wireless access point | ATM | Environment monitoring | Picture archiving and communication system (PACS) |
| 5 | Hypervisor | Printer | Building automation controller | Patient monitor |

The research has revealed:

  • IT devices are still the main target of malware, including ransomware, and the main initial access points for malicious actors. These actors exploit vulnerabilities on internet-exposed devices, such as servers running unpatched operating systems and business applications, or use social engineering and phishing techniques to dupe employees into running malicious code on their computers.
  • This year, hypervisors, or specialised servers hosting virtual machines (VMs), are a new entry on the list. Currently a favourite target for ransomware gangs, this device type allows attackers to encrypt several VMs at once.
  • IP cameras, VoIP and video conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet and there is a long history of threat actor activity targeting them. This year alone, both UNC3524 and TAG-38 have targeted video conferencing and cameras for use as command and control infrastructure.
  • PLCs and HMIs are the riskiest OT devices because they are critical to operations, allowing for full control of industrial processes, and are known to be insecure by design. These devices are not only common in critical infrastructure sectors, such as manufacturing, but also in sectors such as retail, where they drive logistics and warehouse automation.
  • DICOM workstations, nuclear medicine systems such as X-rays, imaging devices and PACS often run legacy, vulnerable IT operating systems and have extensive network connectivity so that imaging files can be shared using the DICOM standard. Unencrypted communications could allow attackers to obtain or tamper with medical images, including to spread malware.

Daniel dos Santos, Head of Security Research at Forescout said, “The growing number and diversity of connected devices in every industry presents new challenges for organisations to understand and manage the risks they are exposed to. The attack surface now encompasses IT, IoT and OT in almost every organisation, with the addition of IoMT in healthcare. It is not enough to focus defenses on risky devices in one category since attackers can leverage devices of different categories to carry out attacks. We have already demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT)”.

Dos Santos continues, “To mitigate against potential threats, you need to carry out a proper risk assessment to understand how your attack surface is growing. Once you understand your attack surface, you need to implement automated controls that do not rely only on security agents and that apply to the whole enterprise, instead of silos like the IT network, the OT network or specific types of IoT devices”.
