Forescout Reports on The Riskiest Connected Devices in Enterprise Networks at GITEX 2022
· Network-attached storage devices are most at risk in the region
· Manufacturing sector has the highest number of affected devices
Dubai, United Arab Emirates
Forescout Technologies, the global leader in automated cybersecurity, released its findings about the riskiest devices in enterprise networks in 2022 at GITEX.
In this region, network-attached storage is the riskiest device type. These devices often have both easy-to-exploit vulnerabilities and internet connectivity, so they are constantly targeted by threat actors for ransomware, botnets, crypto mining, or simply data destruction.
“At Forescout, we are keen to raise awareness and let government entities and businesses know exactly where the vulnerabilities lie with their network. Our research team has done a fantastic job identifying which industry verticals are being targeted relentlessly and which connected devices are most at risk, globally and here across the region,” commented Ihab Moawad, Vice President, Forescout, Middle East, Turkey, and Africa.
Manufacturing has the highest percentage of
devices with high risk (11%), while government and financial have the top
combinations of medium and high risk (43% for government and 37% for
financial). Healthcare and retail have the lowest risk overall, with 20% of
devices having medium or high risk in healthcare and 18% in retail.
The ranking of riskiest devices does
not change considerably per industry, which shows that almost every
organization nowadays relies on a combination of IT, IoT, and OT (as well as
IoMT for healthcare) to deliver their business. It also means that almost every
organization is affected by a growing attack surface. The riskiest IT and OT
devices remain nearly constant across different regions, while the riskiest IoT
devices change slightly and the riskiest IoMT devices change considerably.
“GITEX gives us this global platform
to showcase our Automated Cybersecurity Solutions that protect any digital
terrain. Forescout is here to help companies understand and mitigate risks that
come with digital transformation, the rapid growth of IoT devices across
organizations, and the convergence of IT and OT networks that is encouraging
the rise of ransomware-as-a-service gangs,” added Moawad.
At GITEX 2022, organizations and
government entities can learn how they can better protect themselves against a
new type of ransomware attack that can leverage any IoT devices, even security
cameras, to deploy ransomware.
Forescout has further identified the five
riskiest devices in four device categories: IT, IoT, OT, and IoMT – as shown in
Table 1.
Table 1 - Riskiest connected devices per category
| Rank | IT | IoT | OT | IoMT |
|---|---|---|---|---|
| 1 | Router | IP camera | Programmable logic controller (PLC) | DICOM workstation |
| 2 | Computer | VoIP | Human machine interface (HMI) | Nuclear medicine system |
| 3 | Server | Video conferencing | Uninterruptible power supply (UPS) | Imaging |
| 4 | Wireless access point | ATM | Environment monitoring | Picture archiving and communication system (PACS) |
| 5 | Hypervisor | Printer | Building automation controller | Patient monitor |
IT devices are still the main target of malware, including ransomware, and the main initial access points for malicious actors. These actors exploit vulnerabilities on internet-exposed devices, such as servers running unpatched operating systems and business applications, or use social engineering and phishing techniques to dupe employees into running malicious code on their computers.
Routers and wireless access points, as well as other network infrastructure devices, are becoming more common entry points for malware and advanced persistent threats. Routers are risky because they are often exposed online, interface internal and external networks, have dangerous open ports exposed, and have many vulnerabilities that are often quickly exploited by malicious actors. Wireless access points are the typical border between internal and external networks in physical locations. They frequently host both guest and corporate networks and are used to connect guest devices, including computers and mobile devices.
Hypervisors, or specialized servers hosting virtual
machines (VMs), have become a favorite target for ransomware gangs in 2022 since they allow
attackers to encrypt several VMs at once and because ransomware developers are
moving towards languages such as Go and Rust that allow for easier
cross-compilation and can target both Linux and Windows.
A growing number of IoT devices on enterprise networks are being actively exploited because they are harder to patch and manage than IT devices. IoT devices are compromised through weak credentials or unpatched vulnerabilities, primarily to become part of distributed denial-of-service (DDoS) botnets. Beyond DDoS, several threat actors have been using IoT devices for other phases of attacks.
PLCs and HMIs are the riskiest OT devices because they are
very critical, allowing for full control of industrial processes, and are known
to be insecure by design. Although PLCs are not often connected to the
internet, many HMIs are, to enable remote operation or management. These
devices are not only common in critical infrastructure sectors, such as
manufacturing, but also in sectors such as retail, where they drive logistics
and warehouse automation.
OT devices are typically associated with manufacturing and critical infrastructure. However, other observed risky OT devices are much more widespread than PLCs and HMIs. For instance, uninterruptible power supplies (UPSs) are present in many corporate and data center networks next to computers, servers, and IoT devices. UPSs play a critical role in power monitoring and data center power management. CISA has warned about threat actors targeting UPSs with default credentials. Attacks on these devices can have physical effects, such as switching off the power in a critical location or tampering with voltage to damage sensitive equipment.
Environment monitoring and building automation systems are critical for facilities management, which is a common need in most organizations. Smart buildings perfectly exemplify a cross-industry domain where IT, IoT and OT are converging on the same network. There are several examples of smart buildings exploited by threat actors to render controllers unusable, recruit vulnerable physical access control devices for botnets, or leverage engineering workstations for initial access. These devices dangerously mix the insecure-by-design nature of OT with the internet connectivity of IoT and are often found exposed online even in critical locations.
The riskiest IoMT devices change considerably from region to region. Table 2 shows the riskiest IoMT devices in each region. DICOM workstations are the only devices that consistently make the list in every region.
| Rank | Americas | APJ | Europe | META |
|---|---|---|---|---|
| 1 | DICOM Workstation | Electrocardiograph | DICOM Workstation | DICOM Workstation |
| 2 | Nuclear Medicine System | CT Scanner | Electrocardiograph | PACS |
| 3 | PACS | DICOM Workstation | Ultrasound | Medication Dispensing System |
| 4 | Imaging | Imaging | Patient Monitor | CT Scanner |
| 5 | Medical Analyzer | Medication Dispensing System | Mammography System | Angiography System |
Two recurring themes in the recent research have been the growing attack surface due to more devices being connected to enterprise networks and how threat actors leverage these devices to achieve their goals.
The attack surface now encompasses IT, IoT and OT in almost every organization, with the addition of IoMT in healthcare. It is not enough to focus defenses on risky devices in one category, since attackers can leverage devices of different categories to carry out attacks. Forescout has demonstrated this with R4IoT, an attack that starts with an IP camera (IoT), moves to a workstation (IT) and disables PLCs (OT).
You need proper risk assessment to
understand how your attack surface is growing. However, assessing device risk
is not easy. For instance, to determine whether a device is vulnerable or not,
granular classification information is needed, such as device type, vendor,
model and firmware version.
The security vendor is at GITEX 2022 to show how cybercriminals exploit vulnerabilities in IoT devices for initial access and lateral movement to IT and OT devices, with the objective of causing physical disruption of business operations for financial gain.
Visitors to the Forescout Stand H1-B40, in Hall 1, at the Dubai World Trade Center (DWTC) will be able to get first-hand information on the company’s security solutions, be part of interactive demos, and have all of their cybersecurity queries answered. The security vendor will also be showcasing its completed Project Memoria, the most extensive study of TCP/IP stacks, which uncovered 97 new vulnerabilities impacting over 400 vendors.
GITEX 2022 is taking place from 10 to 14 October 2022,
at DWTC. For more information on Forescout, please visit www.forescout.com.
***ENDS***
About Forescout
Forescout Technologies, Inc. delivers cybersecurity automation across the digital
terrain, maintaining continuous alignment of customers’ security frameworks
with their digital realities, including all asset types – IT, OT, IoT, IoMT.
The Forescout Continuum Platform provides complete asset visibility, continuous
compliance, network segmentation and a strong foundation for Zero Trust. For
more than 20 years, Fortune 100 organizations and government agencies have
trusted Forescout to provide automated cybersecurity at scale. Forescout arms
customers with data-powered intelligence to accurately detect risks and quickly
remediate cyberthreats without disruption of critical business assets. www.forescout.com
Managing cyber risk, together.