2020年物联网威胁报告（英文）

2020 Unit 42 IoT Threat Report P a l o A l t o N e t w o r k s | U n i t 4 2 | I o T T h r e a t R e p o r t 2Table of ContentsExecutive Summary 301 IoT Security Landscape 4Organizations Lack the Tools to Discover and Secure IoT 5Enterprises Sit on a Time Bomb 6Healthcare Is in Critical Shape 7Basic Network Segmentation Best Practices Aren’t Followed 8Case Study: Conficker in Healthcare 902 Top IoT Threats 10Exploits, Password Attacks, and IoT Worms Top the Chart 11Unpatched Devices and Legacy Protocols: Means of Lateral Movement 12Threats Evolving to Specifically Target IoT Environments 13Case Study: Cryptojacking in the Wild 1403 Conclusion and Recommendations 15Take Steps to Reduce Risk 16Step 1: Know your risk and discover IoT devices on the network 16Step 2: Patch printers and other easily patchable devices 16Step 3: Segment your IoT devices across VLANs 17Step 4: Enable active monitoring 18Perfect Your IoT Strategy 19Best Practice 1: Think holistically, orchestrate the entire IoT lifecycle 19Best Practice 2: Expand security to all IoT devices through product integrations 20About 21Palo Alto Networks 21Unit 42 21Methodology 22 P a l o A l t o N e t w o r k s | U n i t 4 2 | I o T T h r e a t R e p o r t 3Executive SummaryAccording to a 2019 Gartner report, "By the end of 2019, 4.8 billion [IoT] endpoints are expected to be in use, up 21.5% from 2018." While the internet of things (IoT) opens the door for innovative new approaches and services in all industries, it also presents new cybersecurity risks. To evaluate the current state of the IoT threat landscape, the Unit 42 threat intelligence team analyzed security issues throughout 2018 and 2019 with the Palo Alto Networks IoT security product, Zingbox®, spanning 1.2 million IoT devices in thousands of physical locations across enterprise IT and healthcare organizations in the United States. We found that the general security posture of IoT devices is declining, leaving organizations vulnerable to new IoT-targeted malware as well as older attack techniques that IT teams have long forgotten. This report details the scope of the IoT threat landscape, which IoT devices are most susceptible, top IoT threats, and actionable next steps to immediately reduce IoT risk. IoT devices are encrypted and unsecured98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network. Attackers who’ve successfully bypassed the first line of defense (most frequently via phishing attacks) and established command and control (C2) are able to listen to unencrypted network traffic, collect personal or confidential information and then exploit that data for profit on the dark web.57% of IoT devices are vulnerable to medium- or high-severity attacks, making IoT the low-hanging fruit for attackers. Because of the generally low patch level of IoT assets, the most frequent attacks are exploits via long-known vulnerabilities and passwo