Network hardware overtakes endpoints in riskiest device list


A new report from Forescout shows a surge in newly identified high-risk device types, with 11 appearing on the riskiest list for the first time. Network infrastructure devices now represent the highest risk overall, surpassing traditional endpoints across several categories.

The study, based on analysis of millions of devices in Forescout’s Device Cloud, finds that 75 percent of the riskiest device types were not on the list just two years ago, and 40 percent are new to the list this year. These include serial-to-IP converters, workstations, printers, time clocks, RFID readers, power distribution units (PDUs), I/O modules, and BACnet routers. Medication dispensing systems, medical image printers, and DICOM gateways also make the list.

“Organizations are connecting more specialized devices than ever, many of which are unmanaged and unagented, and adversaries are evolving their attacks accordingly,” says Barry Mainz, CEO, Forescout. “Threat actors are increasingly exploiting east-west traffic and could target emerging device categories like serial-to-IP converters, medication dispensing systems, and RFID readers. These devices serve as softer points of entry to the network due to limited hardening, inconsistent patching, widespread use of default credentials, and embedded management interfaces that are rarely monitored compared to traditional endpoints. Once a foothold is gained through one of these devices, attackers move laterally across networks to evade traditional, perimeter-focused security layers. In today’s threat landscape, containment is the new control. The ability to automatically contain the blast radius is critical for effective, modern cybersecurity.”

Printers, switches, and IP phones most commonly run outdated or unsupported firmware and are often overlooked in patch management programs. The report also shows that legacy Windows operating systems are most common in retail (39 percent), healthcare (35 percent), and financial services (29 percent).

“The pattern is clear: attackers are testing the edges and targeting devices that bridge or integrate multiple environments, including special-purpose operating systems, embedded management interfaces, and devices that often fall outside standard patch cycles,” says Daniel dos Santos, VP of research at Forescout. “We are seeing ransomware threat actors leveraging routers and IP cameras, while malware jumps from IT networks into OT workstations and even medical systems. Defenders need security strategies that can identify, prioritize and reduce risk across IT, OT, IoT, and IoMT domains, combined with automated controls that can adapt as the connected devices in their environment shift.”

You can read more and get the full report on the Forescout blog. There’s also a webinar looking at the findings.
