Security News > 2022 > November > 6 ways to reduce your IoT attack surface
In our own analysis of millions of IoT devices deployed in corporate environments, we have found that both high-risk and critical vulnerabilities are widespread. Half of all IoT devices have vulnerabilities with a CVSS score of at least 8, and 20% have critical vulnerabilities with a CVSS score of 9-10.
If a company doesn't even know which devices are on its network, how can it possibly defend them from attack or protect its IT network from lateral movement after a successful IoT breach?
Legacy vulnerability scanners can help, but they operate by sending malformed packets, which aren't great for IoT identification and can even knock an IoT device offline.
A better approach is to discover IoT devices by interrogating the devices in their native language.
Attacks on IoT devices are easy to carry out because many of these devices still have default passwords.
Most IoT devices run on outdated firmware, which poses significant security risks since vulnerabilities are so widespread. Firmware vulnerabilities leave devices exposed to attacks including commodity malware, sophisticated implants and backdoors, remote access attacks, data theft, ransomware, espionage, and even physical sabotage.
News URL
https://www.techrepublic.com/article/reduce-iot-attack-surface/