Network equipment is the category of connected devices most at risk


June 20, 2024

It’s well known that connected devices often offer a very attractive attack surface, letting attackers cross network segments from a single vulnerable entry point, but which category of these devices is most at risk of compromise? Forescout Technologies sought to answer this question in its fourth annual review of data from almost 19 million devices, through its research arm, Vedere Labs.

“We analysed millions of data points to publish our report with the connected devices that are most at risk. We seek to integrate important threat contexts into the way organisations use different devices and redefine what it means to connect and interact securely,” says Elisa Costante, vice president of threat research at Forescout.

The study, “The Riskiest Connected Devices in 2024”, considered five types of the most insecure devices in four categories: IT (Information Technology), IoT (Internet of Things), OT (Operational Technology) and IoMT (Internet of Medical Things).

[Figure: Riskiest connected devices per category. Source: Forescout Technologies]

The IT devices category, which includes network infrastructure and endpoints, is still responsible for the majority of vulnerabilities (58 per cent), although it has fallen from the level of 78 per cent in 2023.

Network infrastructure equipment (routers and wireless access points) is often exposed online and has dangerously open ports. Servers, computers and hypervisors continue to be high-risk, either as entry points for phishing or because of unpatched systems and applications.

At the beginning of 2023, endpoints were more insecure than network devices. At the end of last year, there was a reversal in the number of vulnerabilities found and exploited in network infrastructure devices. Today, network equipment has become the most at-risk category of IT device, overtaking endpoints, according to the study.

When it comes to the Internet of Things, the number of devices with vulnerabilities grew by 136 per cent compared to 2023, showing that the problem is persistent. Those most at risk are NAS equipment, VoIP equipment, IP cameras and printers, which have historically been targeted by attackers. For the first time, this year’s list of the most insecure connected devices also includes the network video recorder (NVR), an IoT device type installed alongside networked IP cameras to store the recorded images. Its vulnerabilities are being exploited by botnets and cybercriminal APTs.

In the OT device class, industrial robots are newcomers to the list of equipment at risk. Many robots share the same security challenges as other OT equipment, such as outdated software, widely known credentials and lax security postures.

Other highly insecure sub-types in this category are PLCs and DCSs, which are insecure by design. In many data centres, UPS units with credentials set to known defaults and building automation systems also proved vulnerable.

The growing category of connected health devices (IoMT) presented a high level of cybersecurity risk in the 2023 analysis. The scenario changed in the 2024 edition of the Forescout survey, as many organisations closed off exposed services, switching remote device management to the SSH protocol instead of telnet, according to the study. Healthcare companies recorded the biggest drop in the criterion that takes into account the frequency of open ports, from 10 per cent in 2023 to just 4 per cent this year. They also saw the biggest reduction in RDP (Remote Desktop Protocol), from 15 per cent to 6 per cent.

Despite this, IoMT devices are still at risk, especially drug dispensing systems. So-called medicine dispensers have been known to be vulnerable for almost a decade, but today they are the sixth most vulnerable type of device overall and the second most vulnerable in the IoMT category.

Forescout recommends three immediate measures that organisations can take to reduce the risks to connected devices:

  • Update, replace or isolate OT and IoMT devices that use legacy operating systems known to have critical vulnerabilities;

  • Implement automated verification and enforcement of compliance rules to ensure that non-compliant devices do not connect to networks;

  • Increase network security efforts, including segmentation measures to isolate exposed devices such as IP cameras and dangerous open ports such as telnet.