The Internet of Things (IoT) is estimated to connect billions of devices generating an unimaginable amount of data. To help organizations prepare to manage this data, cybersecurity solutions firm Palo Alto Networks’ Unit 42 threat intelligence team analyzed security issues of 1.2 million IoT devices across enterprise IT and healthcare organizations in the United States throughout 2018 and 2019.
The “2020 Unit 42 IoT Threat Report” identifies the top IoT threats and provides recommendations that organizations can act on to immediately reduce IoT risk in their environments.
The report reveals that 83% of medical imaging devices are running on unsupported operating systems. This reflects a 56% jump from 2018, which is believed to be caused by the end of support for Windows 7, and it could leave hospital organizations vulnerable to attacks that can disrupt care or expose sensitive medical information.
Most alarming is the seemingly loose, if not complacent, security posture: the report says that attackers successfully got past organizations’ first line of defense through phishing attacks and established command and control (C2) that allowed them to snoop on unencrypted network traffic, steal data, and sell it on the dark web.
Palo Alto Networks’ report also found that 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network and allowing attackers to listen to unencrypted network traffic, collect personal or confidential information, then exploit that data for profit on the dark web.
Meanwhile, 51% of threats for healthcare organizations involve imaging devices, disrupting the quality of care and allowing attackers to exfiltrate patient data stored on these devices. Seventy-two percent of healthcare VLANs mix IoT and IT assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network.
Internet of Medical Things (IoMT)
The Unit 42 IoT Threat Report also noted that 57% of IoT devices are vulnerable to medium- or high-severity attacks. Because of the generally low patch level of IoT assets, the most frequent attacks are exploits via long-known vulnerabilities and password attacks using default device passwords.
The researchers said the general decline in security posture opens the door for new attacks, such as cryptojacking (which increased from 0% in 2017 to 5% in 2019) and brings back long-forgotten attacks such as Conficker, which IT teams had previously been immune to for a long time.
Imaging systems, which represent a critical part of the clinical workflow, have the most security issues in terms of IoMT devices. For healthcare organizations, 51% of threats involve imaging devices, disrupting the quality of care and allowing attackers to exfiltrate patient data stored on these devices.
Poor security hygiene
While cybersecurity is slowly taking center stage in discussions of business operations and costs, it may be surprising to learn that healthcare organizations are still displaying “poor network security hygiene,” with 72% of their VLANs mixing IoT and IT assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network. There is a 41% rate of attacks exploiting device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses.
The researchers said they are seeing “a shift from IoT botnets conducting denial-of-service (DDoS) attacks to more sophisticated attacks targeting patient identities, corporate data, and monetary profit via ransomware.”
IoT-focused cyberattacks are targeting legacy protocols
There is an evolution of threats targeting IoT devices using new techniques, such as peer-to-peer C2 communications and worm-like features for self-propagation.
Attackers recognize the vulnerability of decades-old legacy OT protocols, such as DICOM, and are able to disrupt critical business functions in the organization.