A vast number of common vulnerabilities and exposures (CVEs), default passwords and other security risks have been found in millions of extended internet of things (XIoT) devices.
The claims come from security experts at Phosphorus, who recently published a report encapsulating five years of security research and device testing.
The report presents some worrying findings based on the analysis of millions of XIoT devices deployed in corporate network environments across leading verticals.
Phosphorus has claimed that 99% of XIoT device passwords analyzed as part of its research were out of compliance with best practices, and 68% of XIoT devices had high-risk or critical vulnerabilities (CVSS scores of 8-10). Further, the company said that 80% of security teams could not correctly identify most of their XIoT devices.
The new findings illustrate the threat actor’s continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like BLUELIGHT and Dolphin, the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.
Another key tool in its arsenal is RokRat, a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information.