IoT devices getting less secure

The general security posture of IoT devices is declining, leaving organisations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams might be prone to underestimating, according to Palo Alto Networks’ threat intelligence team, Unit 42.

Cyberthreats are evolving to encompass new techniques targeting IoT devices, such as peer-to-peer C2 communications and worm-like features for self-propagation, allowing attackers to exploit the vulnerabilities of legacy protocols.

The team analysed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organisations in the United States.

Their IoT Threat Report 2020 found that 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network and allowing attackers to listen to unencrypted network traffic, collect personal or confidential information, then exploit that data for profit on the dark web.

Some IoT vulnerabilities can be life-threatening, while some attack critical enterprise functions or exfiltrate confidential data.

More than half (51%) of threats for healthcare organisations involve imaging devices, disrupting the quality of care and allowing attackers to exfiltrate patient data stored on these devices.

Close to three-fourths (72%) of healthcare VLANs mix IoT and IT assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network.

Five in every six (83%) medical imaging devices run on unsupported operating systems, which opens the door to new attacks like cryptojacking and brings back long-forgotten attacks such as Conficker.

Unit 42 suggests the following steps that can be taken immediately to reduce exposure to IoT threats.

First, know your risk and discover IoT devices on the network. Second, patch printers and other easily patchable devices. Third, segment IoT devices across VLANs. And fourth, enable active monitoring.