According to new research released by Claroty, vulnerability disclosures affecting Internet of Things (IoT) devices grew by 57% during the first half (1H) of 2022 compared to the previous six months.
The State of XIoT Security Report: 1H 2022 found that vendor self-disclosures increased by 69% over the same time period, making vendors more prolific reporters than independent research outfits for the first time. Fully or partially remediated firmware vulnerabilities also increased by 79%, a notable improvement given the relative challenges in patching firmware versus software vulnerabilities.
“Decades of connecting physical things to the internet has led us to a place where cyber-physical systems are now impacting our real-world experiences, from the food we eat and water we drink to the elevators we ride and medical care we receive,” Amir Preminger, vice president of research at Claroty, stated. “This study was conducted to provide decision-makers in these critical sectors with a thorough view of the XIoT vulnerability landscape, allowing them to correctly evaluate, prioritize, and address risks to mission-critical systems such as public safety, patient health, smart grids and utilities.”
The report showed that the top 10% of most exploited IoT vulnerabilities were all remotely exploitable, with an average CVSS score of 9.8. The most common attack vector among these was ‘network’ (93%), followed by ‘adjacent network’ (7%).
According to the study, 80 new vendors appeared in the 1H 2022 rankings, with 23% of all vulnerabilities attributed to them. This suggests that new IoT devices are being adopted at a rate that is outstripping the ability of mature vendors to address security issues.
“The results of this study should be a call to action for both enterprises and regulators,” Preminger continued. “We urge enterprises to take a comprehensive and risk-based approach to IoT security that includes prevention and detection capabilities and formal processes for managing vulnerabilities throughout the product lifecycle. And we urge regulators to consider mandating minimum security standards for IoT devices.”
This is a significant problem that needs to be addressed. IoT devices are becoming more and more commonplace, and as a result they are becoming increasingly attractive targets for attackers. The fact that new vendors are appearing at a rate that is outstripping the ability of mature vendors to address security issues is particularly worrying. Enterprises must take a comprehensive and risk-based approach to IoT security, and regulators must consider mandating minimum security standards for IoT devices.