Microsoft recently undertook research to discover whether enterprise systems are at risk because of edge network devices. The company was prompted to do so because IoT botnets have continued to cause a lot of problems and are also attacking critical infrastructure. The survey was commissioned by Microsoft but was carried out by the Ponemon Institute. Its focus was Internet of Things (IoT) and Operational Technology (OT) devices, and the goal was to identify what security threats they may pose to IT systems once they are no longer a part of the edge network devices. The latter category includes devices as well as software used for controlling and monitoring industrial equipment, which introduces a physical element into cybersecurity.
There were 651 participants in the survey, which was conducted across the United States; they were IT, IT security, and OT security practitioners. It found that corporate IT networks are connected to almost 51% of the OT networks. Microsoft has highlighted the key findings in a blog post and has also released a report on the matter. According to 88% of the respondents, the OT devices that their businesses use are connected to the internet of things, such as cloud printing services. They also said that 56% of the OT devices on their network were connected for remote access.
Microsoft discussed the notorious Mozi P2P IoT botnet, which spreads by targeting vulnerabilities in IoT products such as video recorders and also uses popular network gateways. According to Microsoft, this is the perfect example of how business networks are breached through compromised edge devices that had once been assumed to be air-gapped. According to the Ponemon Institute survey, only 29% of respondents had a full inventory of their OT and IoT devices.
64% of the survey’s respondents had average or low confidence that their IoT devices were patched, and the same proportion admitted that they were not aware if their devices were compromised. In the past year, VPN appliances have suffered multiple attacks, which indicates that they can be a vulnerability in industrial and enterprise networks. This week, the US Cybersecurity and Infrastructure Agency (CISA) issued a warning to organizations about a new set of critical flaws discovered in SonicWall's SMA 100 Series appliances, which offer mobile remote access.
The survey also indicated that IT managers have some awareness of the problem: 39% of the participants said that they had experienced an attack on OT or IoT devices in the last two years. Furthermore, 35% said that they had dealt with an incident in which an IoT device was used to conduct a broader attack, such as ransomware, or to gain persistence on a network. In addition, a majority of the respondents, around 63%, said that they believe these attacks on IoT and OT devices will only increase in the coming years.