Forescout report reveals 2024's riskiest connected devices

Forescout's Vedere Labs has recently published a report identifying the riskiest connected devices to critical infrastructure in 2024. The report, titled "The Riskiest Connected Devices in 2024," is based on data from nearly 19 million devices and highlights vulnerabilities within four main categories: IT, IoT, OT, and IoMT.

According to Forescout Technologies, attackers are increasingly targeting a wide array of devices, operating systems, and embedded firmware. Elisa Costante, Vice President of Threat Research at Forescout, stated, "The device has evolved from a pure asset to a reliable, sophisticated, intelligent platform for communications and services, driving a transformation in the relationship between devices, people, and networks." The annual review aims to integrate threat contexts into how organisations use various devices and redefine secure interactions.

The report finds IT devices, including network infrastructure and endpoints, to be the most vulnerable, accounting for 58% of incidents, although down from 78% in 2023. Network infrastructure devices, such as routers and wireless access points, are particularly high-risk due to their online exposure and open ports. Endpoints like servers and computers remain susceptible to phishing and unpatched systems. Intriguingly, the report notes a shift in 2023 where network devices became riskier than endpoints.

In the IoT category, device vulnerabilities have increased by 136% since 2023. The riskiest IoT devices include Network Attached Storage (NAS), Voice over IP (VoIP), IP cameras, and printers, frequently exposed on the internet and historically targeted by attackers. A newcomer to this list is the Network Video Recorder (NVR), which stores recorded video alongside IP cameras on networks, making them a target for cybercriminal botnets and Advanced Persistent Threats (APTs).

For OT devices, industrial robots are contributing to emerging risks. The riskiest OT equipment includes Programmable Logic Controllers (PLCs), Distributed Control Systems (DCSs), and Uninterruptible Power Supplies (UPSs), often found with default credentials. New to the list this year are industrial robots, increasingly used in logistics, military, electronics, and automotive manufacturing, which face similar security challenges, such as outdated software and lax security postures.

Healthcare has shown notable improvements in IoMT device security. While healthcare is no longer the industry with the riskiest devices, medication dispensing systems remain the second most exposed IoMT device type. Forescout's research indicates a significant decrease in healthcare device vulnerabilities. Open ports have reduced from 10% in 2023 to 4%, and Remote Desktop Protocol (RDP) ports have declined from 15% to 6%. Despite these improvements, medical information systems and workstations continue to pose risks, particularly medication dispensers which are still highly susceptible to attacks.

To mitigate these risks, organisations are recommended to take several immediate steps. These include upgrading, replacing, or isolating OT and IoMT devices running legacy operating systems known for critical vulnerabilities. Implementing automated device compliance verification and enforcement to ensure non-compliant devices cannot connect to the network is vital. Improving network security efforts, including network segmentation to isolate high-risk devices like IP cameras and addressing open ports such as Telnet, is also strongly advised. Modern risk and exposure management must encompass devices in every category to effectively identify, prioritise, and reduce risks across an organisation.