Darkreading.com reported that “Extended IoT devices (xIoT) stand as a perennial favorite for cyberattackers seeking to move laterally and establish persistence within enterprise networks. They’ve got everything the bad guys need for a foothold: They’re grossly under secured, they’re present in large numbers (and in sensitive parts of the network), and, crucially, they’re typically not well monitored.” The April 14, 2023 article entitled “Why xIoT Devices Are Cyberattackers’ Gateway Drug for Lateral Movement” (https://www.darkreading.com/ics-ot/why-xiot-devices-are-gateway-drug-lateral-movement) included these comments about “xIoT devices typically fall into three device categories that all proliferate significantly in business environments”:
#1 The first are the enterprise IoT devices like cameras, printers, IP phones, and door locks.
#2 The second are operational technology devices like industrial robots, valve controllers, and other digital equipment that control physics in industrial settings.
#3 The third — and often least remembered — are general network devices like switches, network attached storage, and gateway routers.
No surprises, but xIoT are scary!
First published at https://www.vogelitlaw.com/blog/watch-out-of-unsecure-xiot-extended-iot-devices