98% of all IoT device traffic is unencrypted: Unit 42
While the internet of things (IoT) opens the door for innovative new approaches and services in all industries, it also presents new cybersecurity risks, according to a new report from Unit 42, the global threat intelligence team at Palo Alto Networks.
To evaluate the current state of the IoT threat landscape, Unit 42 analyzed security incidents throughout 2018 and 2019 with the Palo Alto Networks IoT security product, Zingbox®, spanning 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States.
Unit 42 found that the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten. This report details the scope of the IoT threat landscape, which IoT devices are most susceptible, top IoT threats, and actionable next steps to immediately reduce IoT risk.
This is especially worrying given that by the end of 2019, 4.8 billion [IoT] endpoints were expected to be in use, up 21.5% from 2018, according to research from Gartner.
IoT devices are unencrypted and unsecured: 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network. Attackers who’ve successfully bypassed the first line of defense (most frequently via phishing attacks) and established command and control (C2) are able to listen to unencrypted network traffic, collect personal or confidential information, and then exploit that data for profit on the dark web.
57% of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Because of the generally low patch level of IoT assets, the most frequent attacks are exploits via long-known vulnerabilities and password attacks using default device passwords.
Internet of Medical Things (IoMT) devices are running outdated software: 83% of medical imaging devices run on unsupported operating systems, which is a 56% jump from 2018, as a result of the Windows® 7 operating system reaching its end of life. This general decline in security posture opens the door for new attacks, such as cryptojacking (which increased from 0% in 2017 to 5% in 2019), and brings back long-forgotten attacks such as Conficker, to which IT teams had previously been immune for a long time.
Healthcare organizations are displaying poor network security hygiene: 72% of healthcare VLANs mix IoT and IT assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network. There is a 41% rate of attacks exploiting device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses. Unit 42 is seeing a shift from IoT botnets conducting denial-of-service attacks to more sophisticated attacks targeting patient identities, corporate data, and monetary profit via ransomware.