A recent report from Forescout reveals a major shift in the global cyberthreat landscape. Network infrastructure devices are now the primary target for attacks, even surpassing traditional endpoint devices like computers and laptops.
In a study analyzing millions of devices through its Device Cloud, Forescout found that 75 percent of the most at-risk device types weren’t even on the list two years ago. Even more shocking, 40 percent of high-risk devices only emerged this year.
“Trivial” Devices Become Hackers’ Entry Points
A number of devices previously considered harmless are now becoming key vulnerabilities for hackers. Some of these include:
- Serial-to-IP converters
- Printers and workstations
- Time clocks
- RFIDs
- Power distribution units (PDUs)
- BACnet routers
- Medication distribution systems and medical devices
These devices are generally poorly managed, rarely updated, and often use default credentials—making them vulnerable to infiltration.
Forescout CEO Barry Mainz explained that organizations are increasingly connecting specialized devices to their networks, but they lack adequate security systems.
“These devices often serve as easier entry points because they have weak security and are rarely monitored,” he said.
Attacks Are Now More Sophisticated and Stealthy
Cybercriminals are no longer just attacking from the outside (perimeter), but are also exploiting internal traffic, or “east-west traffic,” to move within the network.
After successfully infiltrating one device, hackers can move laterally to other systems undetected, magnifying the impact of the attack.
“In today’s landscape, the ability to limit the spread of attacks is key,” Mainz added.
Outdated Firmware Is a Serious Problem
The report also highlighted that many devices, such as printers, switches, and IP phones, are still using outdated or even unsupported firmware.
Unfortunately, these devices are often overlooked in patch management programs, making them easy targets for attacks.
Furthermore, legacy Windows operating systems are still widely used, especially in the following sectors:
- Retail (39 percent)
- Healthcare (35 percent)
- Financial services (29 percent)
Cross-System Threats Are Becoming More Real
According to Forescout’s VP of Research, Daniel dos Santos, current attack patterns indicate that hackers are starting to target devices that connect multiple systems.
“We’re seeing ransomware exploit routers and IP cameras, while malware can now move from IT networks to operational systems (OT) and even medical devices,” he explained.
This indicates that the lines between IT, OT, IoT, and IoT systems are increasingly blurring—and all are potential targets.
A New Security Strategy is Needed
Forescout emphasizes the importance of a more comprehensive security approach. Organizations can no longer focus solely on primary devices, but must be able to:
- Identify all connected devices
- Prioritize risks
- Automatically mitigate them
Furthermore, security systems must be able to adapt quickly as devices on the network increase.
This report serves as a stark warning that cyber threats are increasingly complex and unpredictable. Devices previously considered trivial can actually become the starting point for major attacks.
With increasingly sophisticated attack patterns, companies are required to not only strengthen their defenses at the “front door” but also monitor the entire network ecosystem as a whole.
Otherwise, one small, overlooked device could be the beginning of a major data breach.
