Integrated and open systems are heralded by physical security contractors as a great way to expand projects with technology and provide important data for end-user customers on their facilities. The downside is that bad actors and hackers are increasingly finding ways to attack these and other connections, posing new cyber risk that includes potential data theft, or worse, compromise of critical systems.
A report by cybersecurity vendor Forescout Technologies Inc., San Jose, Calif., and its Vedere Research Labs, “The Riskiest Connected Devices in 2024,” focuses on network vulnerabilities in IT, OT, IoT (internet of things), and IoMT (internet of medical things). These devices were assigned a risk score based on data from Forescout’s Device Cloud collected during a three-month period in early 2024. The report identifies the most vulnerable and highest-risk device types in each of these sectors, with open ports and unsecured network connections being common infiltration points.
According to its research findings, attackers are “crossing siloes” of connected devices, operating systems and firmware, discovering numerous entry points.
“Today, network equipment has become the riskiest IT device category surpassing endpoints. Threat actors are finding new vulnerabilities in routers and wireless access points—and are exploiting them quickly in massive campaigns. Similarly, IoT devices with vulnerabilities expanded a whopping 136% from a year ago,” according to the study.
Assessing cybersecurity risk
The devices tagged as continually posing a risk are programmable logic controllers (PLCs) and voice over internet protocol (VoIP) equipment, seemingly because they often lack basic security protocols or are configured insecurely. Using data sourced from some 19 million devices, Forescout reported that IT equipment (network infrastructure and endpoints) accounted for the largest share of vulnerabilities, 58%. The riskiest connected devices in the IT category include wireless access points, routers, servers, computers and hypervisor software.
In the IoT category, the vulnerable devices most commonly attacked are network-attached storage, VoIP, IP cameras and printers. Added to the list as a new “persistent” entry point for attackers are networked video recorders (NVRs). NVRs reside on the network alongside IP cameras and are being exploited by botnets and advanced persistent threats.
In OT, “the riskiest devices include the critical and insecure-by-design PLCs and distributed control systems. It also includes the uninterruptible power supply systems present in many data centers with default credentials—and the ubiquitous, often invisible building automation systems,” according to the report.
Building management and automation systems are also vulnerable to hacker threats, where actors disable controllers and tap into physical access control with botnets. In addition, industrial robots were increasingly found to be a vulnerable target, as these humanoids continue to emerge on the scene to assist with operations.
Reducing cyber risks
Reducing risk means shrinking the attack surface. That takes diligence: implementing cybersecurity controls beyond endpoints and focusing on the devices hackers have identified as offering the simplest initial access. However, implementing controls for specific devices isn’t enough. Risk mitigation should use automated controls that apply to the whole enterprise, not individual siloes, according to Forescout.
Security vendor CrowdStrike has also reported that remote monitoring and management (RMM) is the latest popular attack vector, with bad actors using network management tools to conceal intrusions on corporate IT networks. While RMM tools offer advantages that include automating maintenance and service, they can also be a “Trojan horse of choice for attackers,” according to CSO Online. “Attackers can abuse existing RMM platforms within a network to gain initial access—either by exploiting vulnerabilities or by (more commonly) using stolen, default, or guessed credentials.”