
The Increasing Vulnerability of IoT Devices: A High-Value Target for Attackers

The Internet of Things (IoT) has witnessed exponential growth in recent years, with its widespread adoption in various industries, such as manufacturing, healthcare, and services. However, the rapid expansion of IoT devices has also attracted the attention of attackers. This article delves into the reasons behind the rising popularity of IoT devices among cybercriminals and explores the key factors that make them vulnerable targets. By analyzing recent reports and statistics, we shed light on the alarming surge in IoT attacks and the implications they have on organizations. Additionally, we discuss potential solutions and strategies for enhancing IoT endpoint security and mitigating the risks associated with this technology.

The IoT landscape has seen a dramatic increase in cyberattacks, surpassing the rate of mainstream breaches. Attackers are now favoring IoT devices due to their inherent security flaws and their close proximity to mission-critical systems. This section briefly introduces the growing threat posed by attackers targeting IoT devices.

Factors Contributing to IoT Devices’ Popularity Among Attackers

One of the major challenges with IoT devices is the lack of security considerations during their design phase. Many legacy IoT devices were not built with security in mind, making them susceptible to exploitation by attackers. According to Forrester’s recent report, “The State of IoT Security, 2023,” a significant number of IoT sensors in operations technology (OT) networks suffer from design-in security blind spots. These vulnerabilities create opportunities for malicious actors to infiltrate critical systems. (Forrester)

Shivan Mandalam, Director of Product Management, IoT Security at CrowdStrike, emphasized that organizations must eliminate blind spots associated with unmanaged or unsupported legacy systems. By achieving greater visibility and analysis across IT and OT systems, security teams can promptly identify and address potential problems before adversaries can exploit them. (VentureBeat)

Chronic Default Password Use

A common issue with IoT devices is the widespread use of default admin passwords. Manufacturing companies, in particular, often use default settings due to time constraints and lack of awareness. Forrester’s report highlights that many IoT devices do not require users to set new passwords upon initialization, leaving them vulnerable to unauthorized access.

Leading vendors, including Armis, Broadcom, Cisco, CradlePoint, and CrowdStrike, among others, have focused on addressing chronic default password use to improve IoT endpoint security. Ivanti, in particular, has successfully developed and launched four solutions for IoT security, emphasizing the importance of a unified endpoint management (UEM) approach that can discover all assets on an organization’s network, even IoT devices. (VentureBeat)

Reliance on Legacy IoT Sensors

Healthcare, services, and manufacturing industries heavily rely on legacy IoT sensors to capture real-time data. However, many of these devices run unsupported operating systems, rendering them vulnerable to attacks. A study by Forrester found that 73% of IoT-based IV pumps and 50% of Voice-over-IP (VoIP) systems in hospitals have critical security risks. Unsupported operating systems are a significant contributing factor to these vulnerabilities, as they cannot be easily secured or updated.

To address this issue, organizations must prioritize securing legacy IoT sensors and consider the solutions offered by vendors such as Airgap Networks, Absolute Software, Armis, and Fortinet, among others. (VentureBeat)

IoT’s Vulnerability to Command-and-Control Attacks

Connecting IoT devices to the internet exposes them to command-and-control attacks, making them ideal conduits for cybercriminals. Forrester’s observation aligns with the experience of a cybersecurity vendor, who shared that a customer found an external IP address being pinged from a security camera in the front lobby of its manufacturing plant. Attackers monitored traffic flow patterns to infiltrate the network and plant malicious sensors, enabling further access to internal networks.

The well-known Mirai botnet attack and subsequent attacks exemplify how IoT devices can be absorbed into botnets under the control of attackers. Organizations must prioritize measures to prevent command-and-control attacks to safeguard their networks. (VentureBeat)
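The lobby-camera observation above can be turned into a detection check. The following is an added example, not code from the article or any vendor it names: it flags inventoried IoT devices that contact external addresses outside their allowlist and marks regular, beacon-like timing. The address ranges, device inventory and flow-record format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organisation's internal address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed inventory: IoT device -> the only peers it is expected to talk to.
IOT_ALLOWED = {
    "10.20.0.15": {"10.20.0.2"},               # lobby camera -> video recorder
    "10.20.0.31": {"10.20.0.2", "10.1.5.10"},  # badge reader -> recorder, access server
}

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, protocol).
FLOWS = [
    (0, "10.20.0.15", "10.20.0.2", "tcp"),
    (0, "10.20.0.15", "203.0.113.7", "icmp"),
    (60, "10.20.0.15", "203.0.113.7", "icmp"),
    (120, "10.20.0.15", "203.0.113.7", "icmp"),
    (181, "10.20.0.15", "203.0.113.7", "icmp"),
    (240, "10.20.0.15", "203.0.113.7", "icmp"),
    (95, "10.20.0.31", "198.51.100.20", "tcp"),
    (130, "10.1.5.44", "203.0.113.7", "tcp"),  # workstation, not in IoT inventory
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def unexpected_external(flows, allowed):
    """Group timestamps by (src, dst) for IoT sources reaching a non-allowlisted external IP."""
    hits = defaultdict(list)
    for ts, src, dst, _proto in flows:
        if src in allowed and dst not in allowed[src] and not is_internal(dst):
            hits[(src, dst)].append(ts)
    return hits

def looks_periodic(timestamps, min_events=4, tolerance=0.1):
    """Beacon heuristic: every gap between contacts is within tolerance of the mean gap."""
    if len(timestamps) < min_events:
        return False
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and all(abs(g - mean) <= tolerance * mean for g in gaps)

def report(flows, allowed):
    """Return (src, dst, contact_count, periodic) per finding, sorted for stable output."""
    hits = unexpected_external(flows, allowed)
    return [(s, d, len(t), looks_periodic(t)) for (s, d), t in sorted(hits.items())]

if __name__ == "__main__":
    for finding in report(FLOWS, IOT_ALLOWED):
        print(finding)
```

A periodic finding from a device with no business reaching the internet is the higher-priority lead; a single contact still warrants a look because the device is outside its expected peer set.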

Alarming Statistics: The Rise of IoT Attacks

Kaspersky ICS CERT found that in the second half of 2022, 34.3% of all computers in the industrial sector were affected by attacks. Additionally, there were 1.5 billion attacks against IoT devices during the first half of 2021 alone. SonicWall Capture Labs reported a staggering 112.3 million instances of IoT malware in 2022, representing an 87% increase over 2021. (Forrester, VentureBeat)

IoT attacks have become increasingly prevalent globally, with IBM reporting that IoT attacks made up more than 12% of global malware attacks in 2021, up from 1% in 2019. These statistics underscore the urgent need for enhanced IoT security measures. (VentureBeat)

Case Study: A Devastating IoT Attack on an Automotive Parts Manufacturer

An automotive parts manufacturer based in the midwestern U.S. faced a massive ransomware attack that began when unprotected IoT sensors and cameras on their network were breached. Attackers then moved laterally to find Windows-based systems and infected them with ransomware, disabling firewalls and encrypting all data files. The attackers threatened to expose sensitive company data if the ransom was not paid.

This real-life case study highlights the severe impact of IoT attacks on organizations, emphasizing the necessity for robust cybersecurity measures. (VentureBeat)

Strategies for Enhanced IoT Endpoint Security

Leading cybersecurity vendors, including CrowdStrike and Fal.Con 2022, have launched solutions that target security gaps in and between industrial control systems (ICSs). These solutions aim to close security blind spots associated with unmanaged or unsupported legacy systems, enhancing overall IoT security. (VentureBeat)

Reinforcing Password and Identity Security

Vendors like Ivanti have successfully developed solutions, such as Ivanti Neurons for RBVM, Ivanti Neurons for UEM, Ivanti Neurons for Healthcare, and Ivanti Neurons for IIoT, to improve IoT endpoint security at the password and identity level. These solutions facilitate unified endpoint management and risk-based vulnerability management, enabling proactive risk response and remediation of vulnerabilities. (VentureBeat)

The Role of Unified Endpoint Management (UEM)

To combat IoT attacks effectively, organizations should implement unified endpoint management solutions to discover and manage all assets on their networks, including IoT devices. UEM solutions are vital in managing the dynamic environment of IoT networks, ensuring comprehensive security coverage. (VentureBeat)

Embracing Agentless Cybersecurity

Agentless cybersecurity approaches, exemplified by Airgap Networks, are becoming essential for IoT and IoMT (Internet of Medical Things) security. These solutions address the challenges posed by IoT devices that cannot accept agents, providing a workable architecture for enhanced IoT security. (VentureBeat)

IoT devices continue to be a preferred target for cybercriminals due to their vulnerabilities and potential for large ransomware payouts. Organizations must prioritize IoT security by implementing comprehensive solutions to address design-in security blind spots, chronic default password use, reliance on legacy IoT sensors, and vulnerability to command-and-control attacks. By adopting proactive measures and agentless cybersecurity solutions, businesses can effectively mitigate the risks associated with IoT devices and safeguard their critical systems and data.

Editorial Team
