CYBERSECURITY | Unit 42 IoT Threat Report 2020
To understand the full scope of the current IoT threat landscape, Palo Alto Networks analyzed 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States. Using its IoT security product, Zingbox, the cybersecurity company created the 2020 Unit 42 IoT Threat Report to identify the top IoT threats and provide recommendations that organizations could act on to immediately reduce IoT risk in their environments.
Most notably, the report revealed that 83% of medical imaging devices are running on unsupported operating systems. This reflects a 56% jump from 2018 due to the Windows 7 operating system reaching its end of life, leaving hospital organizations vulnerable to attacks that could disrupt care or expose sensitive medical information.
High-profile, IoT-focused cyberattacks were forcing industries to recognize and manage the risks associated with deploying IoT devices to protect their core business operations. Industries such as healthcare were exposed to an unexpected amount of risk. Unfortunately, some IoT vulnerabilities could be life-threatening, while others allow attacks on critical enterprise functions or the exfiltration of confidential data. These were some of the emerging trends Palo Alto Networks discovered while conducting this research that organizations need to be aware of:
98% of all IoT device traffic was unencrypted, exposing personal and confidential data on the network and allowing attackers to listen to unencrypted network traffic, collect personal or confidential information, and then exploit that data for profit on the dark web.
51% of threats for healthcare organizations involve imaging devices, disrupting the quality of care and allowing attackers to exfiltrate patient data stored on these devices.
72% of healthcare VLANs mix IoT and IT assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network.
Top IoT Threats
Threats continue to evolve to target IoT devices using new, sophisticated and evasive techniques, such as peer-to-peer command and control communications and worm-like features for self-propagation. Because device and network security postures are weak, attackers have ample opportunity to compromise IoT systems.
57% of IoT devices were vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers.
41% of attacks exploit device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses.
Palo Alto Networks found that, while the vulnerability of IoT devices made them easy targets, they were most often used as a stepping stone for lateral movement to attack other systems on the network. Furthermore, Palo Alto Networks found that password-related attacks continue to be prevalent on IoT devices due to weak manufacturer-set passwords and poor password security practices. However, with California’s SB-327 IoT law taking effect on January 1, 2020, prohibiting the use of default credentials, Palo Alto Networks expects this trend to change direction.
Palo Alto Networks also witnessed a shift in attackers’ primary motivation, away from running botnets to conduct DDoS attacks via IoT devices and toward malware that spreads across the network via worm-like features, enabling attackers to run malicious code to conduct a large variety of new attacks.
Steps to Reduce IoT Exposure
According to a 2019 report by Gartner, “By the end of 2019, 4.8 billion [IoT] endpoints are expected to be in use, up 21.5% from 2018.” With such a significant increase in adoption that shows no signs of slowing down, organizations need to be prepared with a strong IoT security strategy. The Palo Alto Networks report shows there are myriad ways enterprises are being left vulnerable to security threats, which could easily lead to some very dire circumstances if exploited.
There are steps that can be taken immediately, however, to reduce exposure to IoT threats:
Know your risk. Discover IoT devices on the network.
Patch printers and other easily patchable devices.
Segment IoT devices across VLANs.
Enable active monitoring.
Get the full 2020 Unit 42 IoT Threat Report for more research and best practices to implement in your organization.