Forescout report finds network infrastructure attacks have overtaken endpoint security risks – SiliconANGLE

A new report released today by Forescout Research’s Vedere Labs warns that network equipment has become the riskiest information technology device category, surpassing endpoints as attackers are crossing silos to find entry points across the full spectrum of devices, operating systems and embedded firmware.

The finding was the top result in the Riskiest Connected Devices in 2024 report, based on the analysis of nearly 19 million devices. The data gathered was used to analyze and identify the riskiest connected devices across categories, including IT, the internet of things, operation technology and the internet of medical things.

IT devices were found to account for 58% of vulnerabilities so far this year, down from 78% in 2023. Over the same period, IoT vulnerabilities increased to 33% from 14%. Wireless access points, routers, printers, voice-over-internet-protocol equipment and IP cameras were found to be the most vulnerable device types, with unmanaged devices such as VoIP equipment, networking equipment and printers noted as highly exposed.

Network infrastructure devices, including routers and wireless access points, overtook endpoints — including servers and computers — as the riskiest exposure point, a swap from the situation in 2023. The report notes that the switch is the result of a rapid increase in the number of vulnerabilities targeting and successfully exploring network infrastructure devices since the second half of 2023.

By industry, technology, education and manufacturing were found to have the riskiest devices. Conversely, healthcare was found to have experienced a significant reduction in risk, largely due to reduced use of remote desktop protocols and legacy Windows versions.

The report also highlights sectors using old versions of Windows, with the technology sector leading, followed by education, retail and healthcare.

In terms of what attackers are also targeting, commonly exposed ports were found to remain popular attack vectors, including Server Message Block Protocol, RDP, Secure Shell and Telnet. Healthcare, technology and manufacturing were found to have reduced Telnet exposure but increased SSH usage.

When it comes to exposed devices, computers, mobile devices and servers were found to account for the majority of exposed devices. VoIP equipment, networking equipment and printers were the most exposed unmanaged devices.

“The attack surface now encompasses IT, IoT and OT in almost every organization — with IoMT in healthcare,” the report concludes. “It is not enough to focus defenses on risky devices in a single category since attackers can leverage devices of different categories to carry out attacks.”

To defend this expanded attack surface, the report adds, “organizations need new security approaches to identify and reduce risk. Modern risk and exposure management must encompass devices in every category to identify, prioritize and reduce risk across the whole organization.”

Image: Forescout