Among the most at-risk device types in terms of exposure to cyber attack are serial-to-IP converters, time clocks, RFID readers, BACnet routers and medical image printers, according to a cyber firm.
Network infrastructure devices represent the highest risk overall. Legacy Windows operating systems are most prevalent in retail, healthcare and financial services. Routers (rather than computers) account for one-third of the most critical vulnerabilities in organisational networks. Printers, switches, and IP phones most commonly run outdated or unsupported firmware and are often overlooked when patching, the report suggested. Attackers are testing the edges and targeting devices that bridge or integrate multiple environments, including special-purpose operating systems, embedded management interfaces, and devices that often fall outside standard patch cycles, said Daniel dos Santos, VP of Research at Forescout. He said: โWe are seeing ransomware threat actors leveraging routers and IP cameras, while malware jumps from IT networks into OT workstations and even medical systems.”
The firm says that it looked at millions of devices in Forescoutโs Device Cloud using a multi-factor risk scoring methodology.
What they say
Barry Mainz, CEO, Forescout said: โOrganisations are connecting more specialized devices than ever, many of which are unmanaged and unagented, and adversaries are evolving their attacks accordingly. Threat actors are increasingly exploiting east-west traffic and could target emerging device categories like serial-to-IP converters, medication dispensing systems, and RFID readers. These devices serve as softer points of entry to the network due to limited hardening, inconsistent patching, widespread use of default credentials, and embedded management interfaces that are rarely monitored compared to traditional endpoints. Once a foothold is gained through one of these devices, attackers move laterally across networks to evade traditional, perimeter-focused security layers. In todayโs threat landscape, containment is the new control. The ability to automatically contain the blast radius is critical for effective, modern cybersecurity.โ
The firm sums up that risk is spreading across a broader set of device categories that are often harder to inventory, harden, or patch consistently. See also the company’s blog.
