Cyberattacks on servers and desktop computers are well studied by information security teams, and the methodology for protecting against them has been most vulnerable worked out in detail. The situation is much more complicated with “invisible” devices: routers, printers, medical equipment, video surveillance cameras and other devices. Meanwhile, they are often connected to the general network of the organization along with servers and work machines. Which of these devices require the primary attention of the information security service and what risk factors are key in each case, the authors of the study “Riskiest connected devices 2024” tried to figure out.
They analyzed more than 19 million devices
Work computers, servers, IoT devices, specialized equipment for most vulnerable medicine and industry. For each device, the risk level was calculated on a ten-point scale, taking into account the presence of known and exploited vulnerabilities, the activity of open ports accessible from the Internet, the presence of malicious traffic from the device or to the device. In addition, the importance of the device for the organization and the possibility of critical consequences if it is compromised are taken into account. Here are the devices that were most often vulnerable and exposed to high risks, according to the researchers.
Wireless Access Points, Routers and Firewalls
The top two places in the list of devices with the highest risk level in an office network are confidently occupied by network devices. Routers are usually accessible from the Internet. any of them have open control ports and services that are most vulnerable convenient for attackers to exploit: SSH, Telnet, SMB, as well as highly specialized proprietary management services. In recent years, attackers have learned to effectively exploit vulnerabilities in this class of equipment, especially in its administration interfaces. The situation is approximately the same with firewalls, especially since for small companies these two functions are often combined in one most vulnerable device. Access points have insecure settings even more often than routers, but the situation is somewhat mitigated by the fact that in order to compromise them, you need to be close to the device. The initial attack vector is usually a guest Wi-Fi network or a dedicated network for mobile devices.
Printers
Although there are not many cases of printer exploitation by hackers, they are almost always high-profile. The risk factors associated with printers are as follows:the speed at which updates for their software are published is low, and the speed at which they are installed by clients is even lower – so dangerous vulnerabilities in printer software israel whatsapp data can most vulnerable remain exploitable and useful to attackers for years;
The category “printers” includes not only network MFPs, but also highly specialized devices such as label and receipt printers.
Internet telephony devices (VoIP) and IP video surveillance cameras
In addition to the most vulnerable risks common to all technology, associated with the compromise of the device and the subsequent movement of hackers across the network, unique risks here are the ability of attackers to observe protected objects, listen in on VoIP conversations, or use VoIP telephony for fraudulent actions on behalf of the attacked organization. This does not even require exploiting vulnerabilities, an incorrect configuration or standard passwords are enough.
Automatic drug dispensers and infusion pumps
The first niche devices on the hit parade are automatic drug dispensers and digital infusion pumps, the compromise of which can seriously disrupt hospital operations and affect people’s health. At the same time, for a critical incident affecting patient care, it is not necessary to deeply compromise these devices; it is enough to most vulnerable provoke a denial of service or disconnection from the telecommunications network. Similar situations occurred during real attacks by the LockBit ransomware group on medical institutions . Another risk is malicious changes in drug dosages, which are possible both due to numerous vulnerabilities in the devices and due to insecure settings. In some hospitals, even a patient can do this by simply connecting to the hospital’s Wi-Fi.
How to Protect Vulnerable Equipment in Your Organization
Disable all unnecessary services on the equipment and restrict access to the necessary ones. Control panels and utility services should be accessible only from administrative computers from the internal subnet. This rule is critically important for network equipment and any equipment accessible from the Internet.
Segment the network by creating separation between the office, production, and administrative networks.
Use unique and complex passwords for most vulnerable each administrator, if possible – with multi-factor authentication (MFA). Use unique passwords for each user, be sure to use MFA when accessing important resources and equipment.
>If the device does not support strong enough authentication and MFA, you can isolate it into a separate subnet and set up access control with MFA at the network hardware level.
Prioritize fast firmware and software updates on network equipment.
Study in detail the settings of the equipment related to network and security, change the default settings if they are not secure enough, disable the built-in standard accounts and the ability to access without a password.
Study the router/router manual for improving security (hardening), if there is none, look for recommendations from authoritative international organizations.
When purchasing printers, MFPs and similar devices, study the standard capabilities for improving print security. Some corporate models support encrypted information exchange mode secure print, some are able to most vulnerable automatically update their firmware, as well as export events to a SIEM system for comprehensive information security monitoring.
Implement a comprehensive security system in the organization, including EDR and comprehensive network monitoring based on SIEM.
Transport
First of all, figure out how to get a local travel card, avoid traveling during rush hour, and don’t take large sums of money on public transport. If these tips are obvious to you, here are a couple more unusual life hacks for safe travel on vacation.
Use a local popular navigation app. It is likely that using Yandex.Maps or Google Maps in your destination country will be irrelevant. You should only download new apps from official catalogs. But even there, malware may lurk , so be sure to most vulnerable keep reliable protection enabled.
Follow the driving rules. At a minimum, make sure whether the country you are visiting drives on the right or left side of the road. This is especially important if you plan to rent a car, bike, or other type of transport.
Download offline maps and transport schemes to your smartphone. It’s safer than connecting to public Wi-Fi hotspots every time.
Accommodation
Choosing the right hotel, inn, and even room is one of the most important components of a great trip. It is important to most vulnerable choose accommodation based on your needs. Possibilities in order to find the golden balance:And most importantly. When searching for vacation accommodation, use specialized services. Do not follow suspicious links from email newsletters. If you want to ensure maximum protection, use a top anti-phishing solution .
Entertainment
To avoid this from happening to you, follow our advice.
Buy tickets on official resources. Believe me, scammers have “tickets” for any event: to the theater or to an exhibition. To the Burning Man festival , football tournaments and even to the Olympics .
Look for discounts, but be careful. Students can apply for an ISIC card , and everyone else can look for package and last-minute offers. The main thing is not to fall for typical fraudulent tricks ; scammers love discount fans.
Find local events.