Ordr this week released its annual report on the state of connected devices. The report addresses pandemic-related cybersecurity challenges, including the growth of connected devices and the related increase in security risks from these devices as hackers took advantage of the chaos to launch attacks. It also highlights the risks of vulnerable connected devices at a time when ransomware attacks are being reported on a daily basis.
The report, titled “Rise of the Machines 2021: State of Connected Devices – IT, IoT, IoMT and OT,” incorporates security risk and trend analysis using anonymized data from more than 400 Ordr deployments and 12 million devices over a 12-month period, up to June this year. The deployments are across the healthcare, life sciences, retail, and manufacturing verticals.
Ordr said that the share of agentless and un-agentable devices increased to 42 percent in this year’s report, compared to 32 percent last year. These devices include medical and manufacturing devices that are critical to business operations, along with network devices, IP phones, video surveillance cameras and facility devices, such as badge readers, which are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.
With almost half of the devices in the network either agentless or un-agentable, organizations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices, according to Ordr.
“Once again, we found an astonishing and worrisome number of vulnerabilities and risks in connected devices, which is a crucial reminder that organizations must have comprehensive visibility as well as security for everything connecting to their networks,” Ordr CEO Greg Murphy said in a press statement. “As the number of connected devices climbs, the number and sophistication of attacks targeting them will grow.”
Healthcare organizations had to deal with the security of devices that were rapidly procured and deployed, both in their organization and across field hospitals, to address the surge in COVID-19 patients, Ordr said. Other organizations scrambled to deal with new work-from-home requirements. During the chaos and confusion, hackers launched cyberattacks. The company reported a rise in ransomware, where attackers encrypted traffic to halt operations, but also transitioned to a new business model of releasing sensitive data if the ransom wasn’t paid.
The Santa Clara, California-based company said in its report that certain devices, such as operational technology (OT) or Internet of Medical Things (IoMT) devices, form a critical part of business operations and can be in service for years at a time. As a result, they often run outdated operating systems that cannot be patched. However, it can be cost-prohibitive to replace them. Newer devices may not offer the same features or may be too complex to deploy.
The challenge from a cybersecurity perspective is that when operating systems reach end-of-life, vulnerabilities will remain on the system. The manufacturer no longer issues patch updates to resolve issues. Hackers may use these vulnerabilities to gain access.
Ordr found that about 19 percent of deployments had devices running outdated operating systems, Windows 7 and older. Thirteen percent of deployments had devices running Windows 7, 5 percent of deployments had devices running Windows XP, and 1 percent of deployments had devices running Windows CE. The company also saw that almost 24 percent of deployments are still running Windows 8, and 38 percent are running Windows 10, which are expected to reach end-of-life in 2023 and 2025 respectively.
Ordr said that 46 percent of all IoT devices are vulnerable to medium and high severity attacks. Healthcare organizations are seeing significant risks. Sixty-eight percent of healthcare deployments have more than 10 FDA recalls, 32 percent of medical imaging devices run on unsupported operating systems and 15 percent of medical devices run on unsupported operating systems.
In Ordr deployments, the company found that 55 percent of deployments had devices with ‘orphaned users,’ and 20 percent of deployments had devices with local users. Orphan accounts retain the same access rights as when they were associated with an active user. Therefore, in the event of a security incident, orphans represent an opportunity for privilege escalation and lateral movement, as they still retain access to systems, resources and data within the organization, Ordr added.
With the increased number of IoT networked medical devices, combined with outsourced staff or MSSP contractors, and even the expanded use of telemedicine, tablets, and smartphones, the healthcare attack surface is growing, Garland Technology said.
In addition, DDoS attacks and ransomware directed at hospitals can do a lot more potential damage than attacks against other institutions, Ross Green, the European Sales Director for Garland Technology, wrote in a company blog post. “When ransomware locks down a hospital, it can prevent people from receiving life-saving medical treatments, which gives administrators a vast incentive to simply pay the ransom and hope for the best. This creates a vicious cycle that incentivizes attackers towards even more elaborate attacks on healthcare institutions,” he added.
Hospital cybersecurity is made challenging by several complications, including the complex architecture of hospital networks, frequent obsolescence of operating systems, and the insufficient number of qualified security personnel. In addition, legislative requirements place high demands on security, cybersecurity firm GreyCortex said in a blog post on Wednesday.
“Hospital internal networks have a specific and rather complicated architecture. They are the combination of not only IT elements but also include the operational technology of specialized medical departments as well as devices such as air conditioning, heating or blind controls,” it added.