IoT device vulnerabilities have surged by 136% in 2024 [1] [2] [4] [5], with the proportion of devices with vulnerabilities rising from 14% in 2023 to 33% in 2024 [2]. The most vulnerable IoT device types include wireless access points (WAPs) [2], routers [1] [2], printers [1] [2] [4] [5], voice-over-IP (VoIP) devices [1], IP cameras [1] [2] [4] [5], Network Video Recorders (NVRs) [4] [5], and NAS devices. NVRs [4] [5], which sit alongside IP cameras to store recorded video [4], have significant vulnerabilities that cybercriminal botnets and APTs have exploited [4]. Threat actors target IoT devices connected to the enterprise stack [2], such as IP cameras [2], NVRs [4] [5], and building management systems [2], for lateral movement and command and control [2].

The top three riskiest verticals are technology [1], education [1] [2], and manufacturing [1], while healthcare has seen a decline in risky devices [1]. However, Internet of Medical Things (IoMT) devices are also at risk [2], with 5% found to contain vulnerabilities [2], including medical information systems [2], electrocardiographs [2], DICOM workstations [2], PACS [2], and medication dispensing systems [2]. Ransomware attacks affecting dispensing systems can cause delays in patient treatment [2].

Forescout emphasizes the importance of taking a holistic view when assessing risk [1], as attackers can leverage devices from different categories to carry out attacks [1]. Solutions that focus only on specific devices may not effectively reduce risk across the entire organization [1]. Other areas, such as vehicles [3], smart home systems [3], smart clothes [3], and devices with remote monitoring capabilities, are also identified as having a concerning number of vulnerable IoT devices [3].


Ransomware attacks on IoT devices, especially in critical sectors like healthcare, can have severe consequences, including delays in patient treatment [2]. It is crucial for organizations to take a holistic approach to assessing and mitigating risks associated with IoT devices. As vulnerabilities continue to rise, it is essential to prioritize cybersecurity measures to protect against potential threats in the future.