To evaluate the current state of the IoT threat landscape, the Unit 42 threat intelligence team analyzed security issues throughout 2018 and 2019 with the Palo Alto Networks IoT security product, Zingbox, spanning 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States. The study found that the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten. This report details the scope of the IoT threat landscape, which IoT devices are most susceptible, top IoT threats, and actionable next steps to immediately reduce IoT risk.
IoT devices are unencrypted and unsecured
98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network. Attackers who have bypassed the first line of defense (most frequently via phishing) and established command and control (C2) can eavesdrop on that unencrypted traffic, collect personal or confidential information and sell it for profit on the dark web. 57% of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Because of the generally low patch level of IoT assets, the most frequent attacks are exploits of long-known vulnerabilities and password attacks using default device credentials.
IoMT devices are running outdated software
The internet of medical things (IoMT) devices with the most security issues are imaging systems, which are a critical part of the clinical workflow. In healthcare organizations, 51% of threats target imaging devices, disrupting the quality of care and allowing attackers to exfiltrate patient data stored on those devices.
Healthcare organizations are displaying poor network security hygiene
72% of healthcare VLANs mix IoT and IT assets, allowing malware to spread from users' computers to vulnerable IoT devices on the same network segment. 41% of attacks exploit device vulnerabilities, as IT-borne attacks scan network-connected devices for known weaknesses. We are seeing a shift from IoT botnets conducting denial-of-service attacks to more sophisticated attacks targeting patient identities, corporate data, and monetary profit via ransomware.
IoT-focused cyberattacks are targeting legacy protocols
Threats targeting IoT devices are evolving, using new techniques such as peer-to-peer C2 communications and worm-like features for self-propagation. Attackers recognize the weakness of decades-old legacy protocols such as DICOM, the medical imaging protocol, which by default runs unauthenticated and in cleartext, and are able to disrupt critical business functions in the organization.
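To make the DICOM point above concrete, here is an added example (not code from the Unit 42 report, Palo Alto Networks or Zingbox) that parses the A-ASSOCIATE-RQ PDU with which every DICOM session begins, as laid out in the public DICOM PS3.8 specification, and then applies the kind of check a passive monitor on TCP/104 could run. The sample PDU is constructed inline; the AE titles, the allowlist and the small SOP-class name table are assumptions for the illustration. What the parser exposes is the whole of DICOM's built-in "authentication": two 16-byte Application Entity titles sent in cleartext, which is also the kind of unencrypted traffic the 98% figure earlier refers to.

```python
"""Parse and assess a DICOM A-ASSOCIATE-RQ PDU (DICOM PS3.8 upper-layer protocol).

Added example; not code from the Unit 42 report or from Palo Alto Networks /
Zingbox. The sample request built below is constructed for illustration only.
"""
import struct

PDU_A_ASSOCIATE_RQ = 0x01
ITEM_APPLICATION_CONTEXT = 0x10
ITEM_PRESENTATION_CONTEXT_RQ = 0x20
ITEM_ABSTRACT_SYNTAX = 0x30
ITEM_TRANSFER_SYNTAX = 0x40
ITEM_USER_INFORMATION = 0x50

DICOM_APPLICATION_CONTEXT = "1.2.840.10008.3.1.1.1"
IMPLICIT_VR_LITTLE_ENDIAN = "1.2.840.10008.1.2"
STORAGE_SOP_PREFIX = "1.2.840.10008.5.1.4.1.1."  # Storage SOP classes live under this arc
# Small lookup table of well-known SOP class UIDs (DICOM PS3.4), used only for labelling.
SOP_CLASS_NAMES = {
    "1.2.840.10008.1.1": "Verification (C-ECHO)",
    "1.2.840.10008.5.1.4.1.1.2": "CT Image Storage",
    "1.2.840.10008.5.1.4.1.1.4": "MR Image Storage",
}


def _item(item_type, payload):
    """Encode one variable item: type(1) reserved(1) length(2, big-endian) data."""
    return struct.pack(">BBH", item_type, 0, len(payload)) + payload


def build_associate_rq(called_ae, calling_ae, abstract_syntaxes):
    """Build a minimal A-ASSOCIATE-RQ. Constructed test input; no network I/O."""
    items = _item(ITEM_APPLICATION_CONTEXT, DICOM_APPLICATION_CONTEXT.encode())
    for pc_id, uid in zip(range(1, 256, 2), abstract_syntaxes):  # context IDs are odd
        sub = _item(ITEM_ABSTRACT_SYNTAX, uid.encode())
        sub += _item(ITEM_TRANSFER_SYNTAX, IMPLICIT_VR_LITTLE_ENDIAN.encode())
        items += _item(ITEM_PRESENTATION_CONTEXT_RQ, bytes([pc_id, 0, 0, 0]) + sub)
    body = struct.pack(">HH", 1, 0)  # protocol version 1, reserved
    body += called_ae.ljust(16).encode()[:16] + calling_ae.ljust(16).encode()[:16]
    body += b"\x00" * 32  # reserved
    body += items
    return struct.pack(">BBI", PDU_A_ASSOCIATE_RQ, 0, len(body)) + body


def parse_associate_rq(pdu):
    """Return the security-relevant fields of an A-ASSOCIATE-RQ; raise on malformed input."""
    if len(pdu) < 6 or pdu[0] != PDU_A_ASSOCIATE_RQ:
        raise ValueError("not an A-ASSOCIATE-RQ PDU")
    (pdu_len,) = struct.unpack(">I", pdu[2:6])
    if pdu_len != len(pdu) - 6:
        raise ValueError("PDU length field does not match data length")
    body = pdu[6:]
    if len(body) < 68:
        raise ValueError("fixed header truncated")
    (version,) = struct.unpack(">H", body[0:2])
    result = {
        "protocol_version": version,
        # The AE titles are the only identity DICOM exchanges, and they travel in cleartext.
        "called_ae": body[4:20].decode("ascii", "replace").rstrip(),
        "calling_ae": body[20:36].decode("ascii", "replace").rstrip(),
        "application_context": None,
        "abstract_syntaxes": [],
        "user_information": False,
    }
    pos = 68  # 2 + 2 + 16 + 16 + 32 bytes of fixed fields
    while pos + 4 <= len(body):
        item_type, _, item_len = struct.unpack(">BBH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + item_len]
        if len(data) != item_len:
            raise ValueError("truncated variable item")
        if item_type == ITEM_APPLICATION_CONTEXT:
            result["application_context"] = data.decode("ascii", "replace")
        elif item_type == ITEM_PRESENTATION_CONTEXT_RQ:
            sub = 4  # skip presentation-context-ID and three reserved bytes
            while sub + 4 <= len(data):
                sub_type, _, sub_len = struct.unpack(">BBH", data[sub:sub + 4])
                if sub_type == ITEM_ABSTRACT_SYNTAX:
                    result["abstract_syntaxes"].append(
                        data[sub + 4:sub + 4 + sub_len].decode("ascii", "replace"))
                sub += 4 + sub_len
        elif item_type == ITEM_USER_INFORMATION:
            result["user_information"] = True
        pos += 4 + item_len
    return result


def assess_association(parsed, allowed_calling_ae):
    """Findings a passive monitor could raise. allowed_calling_ae is an assumed allowlist."""
    findings = []
    if parsed["application_context"] != DICOM_APPLICATION_CONTEXT:
        findings.append("non-standard application context")
    if parsed["calling_ae"] not in allowed_calling_ae:
        findings.append(f"calling AE '{parsed['calling_ae']}' not in allowlist")
    storage = [u for u in parsed["abstract_syntaxes"] if u.startswith(STORAGE_SOP_PREFIX)]
    if storage:
        findings.append("requests image storage SOP classes: "
                        + ", ".join(SOP_CLASS_NAMES.get(u, u) for u in storage))
    return findings


if __name__ == "__main__":
    sample = build_associate_rq("PACS1", "WORKSTN7",
                                ["1.2.840.10008.1.1", "1.2.840.10008.5.1.4.1.1.2"])
    parsed = parse_associate_rq(sample)
    print(parsed)
    print(assess_association(parsed, {"CT_SCANNER_A"}))
```

Because the calling AE title is the only thing a PACS checks before accepting an association, and it is visible to anyone on the same VLAN, an AE-title allowlist is a weak control on its own; the check above is useful for spotting unexpected callers, but segmenting imaging systems away from user workstations and enabling the optional DICOM TLS profile are what actually remove the exposure.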