At GITEX in 2022, Forescout Technologies, an automated cybersecurity company, presented its research on the riskiest equipment in corporate networks. Network-attached storage poses the greatest risk in this area, and because these devices frequently have both internet access and easy-to-exploit flaws, threat actors target them continuously for ransomware, botnets, crypto mining, or simple data loss.
High-risk devices are most prevalent in the manufacturing sector (11%), while the government and financial sectors have the highest proportions of medium- and high-risk devices (43% for government and 37% for finance). The lowest-risk categories are healthcare and retail, where 20% of devices are classified as medium or high risk and 18% as low risk.
At GITEX 2022, organizations and government entities can learn how to better protect themselves against a new type of ransomware attack that can leverage any IoT device, even a security camera, to deploy ransomware.
According to Ihab Moawad, Vice President, Forescout, Middle East, Turkey, and Africa,
“At Forescout, we are keen to raise awareness and let government entities and businesses know exactly where the vulnerabilities lie with their network. Our research team has done a fantastic job identifying which industry verticals are being targeted relentlessly and which connected devices are most at risk, globally and here across the region. GITEX gives us this global platform to showcase our Automated Cybersecurity Solutions that protect any digital terrain. Forescout is here to help companies understand and mitigate risks that come with digital transformation, the rapid growth of IoT devices across organizations, and the convergence of IT and OT networks that is encouraging the rise of ransomware-as-a-service gangs.”
2022 Riskiest Connected Devices
Using Forescout’s scoring methodology, Vedere Labs identified the five riskiest devices in four device categories: IT, IoT, OT and IoMT.
- IT: Router, computer, server, wireless access point and hypervisor.
- IoT: IP camera, VoIP, video conferencing, ATM and printer.
- OT: PLC, HMI, uninterruptible power supply (UPS), environmental monitoring and building automation controller.
- IoMT: DICOM workstation, nuclear medicine system, imaging, picture archiving and communications system (PACS) and patient monitor.
Environmental monitoring and building automation systems are critical for facilities management, which is a common need in most organizations. Smart buildings perfectly exemplify a cross-industry domain where IT, IoT and OT are converging on the same network. There are several examples of smart buildings exploited by threat actors to render controllers unusable, recruit vulnerable physical access control devices for botnets, or leverage engineering workstations for initial access. These devices dangerously mix the insecure-by-design nature of OT with the internet connectivity of IoT and are often found exposed online even in critical locations.
The attack surface now encompasses IT, IoT and OT in almost every organization, with the addition of IoMT in healthcare. It is not enough to focus defenses on risky devices in one category, since attackers can leverage devices of different categories to carry out attacks. Forescout has demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT).
The security vendor is at GITEX 2022 to show how cybercriminals exploit vulnerabilities in IoT devices for initial access and lateral movement to IT and OT devices, with the objective of causing physical disruption of business operations for financial gain.