* [Blog](https://www2.paloaltonetworks.com/blog) * [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/) * [未分類](https://www2.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr) * 98% 的美國物聯網設備流量未加密... # 98% 的美國物聯網設備流量未加密 [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Funit42-iot-threat-report%2F%3Flang%3Dzh-hant) [](https://twitter.com/share?text=98%25+%E7%9A%84%E7%BE%8E%E5%9C%8B%E7%89%A9%E8%81%AF%E7%B6%B2%E8%A8%AD%E5%82%99%E6%B5%81%E9%87%8F%E6%9C%AA%E5%8A%A0%E5%AF%86&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Funit42-iot-threat-report%2F%3Flang%3Dzh-hant) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2020%2F03%2Funit42-iot-threat-report%2F%3Flang%3Dzh-hant&title=98%25+%E7%9A%84%E7%BE%8E%E5%9C%8B%E7%89%A9%E8%81%AF%E7%B6%B2%E8%A8%AD%E5%82%99%E6%B5%81%E9%87%8F%E6%9C%AA%E5%8A%A0%E5%AF%86&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2020/03/unit42-iot-threat-report/?lang=zh-hant&ts=markdown) \[\](mailto:?subject=98% 的美國物聯網設備流量未加密) Link copied By [Unit 42](https://www.paloaltonetworks.com/blog/author/unit-42/?lang=zh-hant&ts=markdown "Posts by Unit 42") Mar 18, 2020 1 minutes [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) This post is also available in: [简体中文 (簡體中文)](https://www2.paloaltonetworks.com/blog/2020/03/unit42-iot-threat-report/?lang=zh-hans "Switch to 簡體中文(简体中文)") 根據[Gartner的報告](https://urldefense.proofpoint.com/v2/url?u=https-3A__www.gartner.com_en_newsroom_press-2Dreleases_2019-2D08-2D29-2Dgartner-2Dsays-2D5-2D8-2Dbillion-2Denterprise-2Dand-2Dautomotive-2Dio&d=DwMFog&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=rlV3QLKXfVd47fRPwA7WrCCSjqFsgIzvhSPB3-jJ4YQ&m=bJB8wASvV8e61uFGGNBwqS9aZx4v9dOWGI2O38dplHg&s=q9JEBhQwK4Jz5ANtODdjumdkMwF05b6jnm-kAH_NWGQ&e=),截至2019年底,預計有48億個物聯網(Internet of Things,IoT)終端會被使用,與2018年相比增長21.5%。儘管物聯網為各行各業引進更多創新和服務的機會,但也帶來了新的網絡安全風險。 Palo Alto Networks的威脅情報團隊Unit 42利用Palo Alto Networks的物聯網保安產品Zingbox分析了美國IT企業和醫療機構數千個實際地點的120萬個物聯網設備。Unit 42識別出最重大的物聯網威脅,並為機構提供有助即時減少他們IT 環境中的物聯網風險的建議。 《[Unit 42 2020年物聯網威脅報告](https://start.paloaltonetworks.com/unit-42-iot-threat-report)》發現,物聯網設備的整體安全部署正在轉差,使組織容易遭受以物聯網為目標的新型惡意軟件以及被遺忘的舊式攻擊技術的入侵。 最值得注意的是,報告顯示83% 的醫學影像設備運行在已不再受支援的操作系統上,這使醫院機構遭受服務擾亂或洩露敏感醫療資訊攻擊的風險增加。此數字比2018年增長了56%,相信是由於Windows 7操作系統即將到期的原因。 ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/03/image002.png) 圖1:醫學影像設備的操作系統分類 **主要發現** 進行調查期間,Unit 42亦發現一些值得留意的新興趨勢 : * **98%** **的物聯網設備流量未加密**,使網絡上的個人及機密資料洩露,使攻擊者能夠聽取未加密的網絡流量,並收集個人或機密資料,放上暗網牟利。 * **對醫療機構而言,** **51%** **的威脅涉及影像設備**,這影響醫療服務的質素,並使攻擊者能夠竊取儲存在這些設備上的患者資料。 * **72%** **的醫療虛擬區域網路(** **Virtual Local Area Network** **,** **VLAN** **)混合物聯網和** **IT** **設備**,令惡意軟件可以從用戶的電腦感染同一網絡中缺乏保護的物聯網設備。 重大的物聯網威脅 網絡威脅不斷演化,並以全新先進和規避等技術針對物聯網設備進行攻擊,例如透過點對點的命令和控制通訊以及蠕蟲般的自我傳播功能。 * **57%** **的物聯網設備易受中度或** **高** **強度攻擊**,使物聯網成為攻擊者唾手可得的目標。 * **41%** **的攻擊利用了設備的漏洞**,因為IT相關的攻擊會掃描通過網絡連接的設備,並嘗試利用已知的漏洞。 Unit 42發現,雖然物聯網設備因脆弱而容易成為目標,但這些設備往往是被用作攻擊網絡上其他系統的墊腳石。此外,Unit 42發現由於製造商設置的密碼薄弱以及密碼安全性實踐不佳,使密碼相關的物聯網設備攻擊仍然普遍。 Unit 42的研究人員還察覺到,攻擊者的主要動機從在殭屍網絡通過物聯網設備進行DDoS攻擊,改為通過蠕蟲般的病毒功能在網絡傳播惡意軟件,使攻擊者可以使用惡意程式碼進行各種新型攻擊。 **減少物聯網** **漏洞** **的方法** 隨著採用物聯網的趨勢持續顯著提高,機構需要為制定強大的物聯網安全策略作準備。 以下的措施則可以即時實行以減低物聯網威脅: 1\. 了解你的風險,識別網絡上的物聯網設備。 2\. 修補打印機和其他易於修補的設備的保安漏洞。 3\. 把物聯網設備分隔到不同的網絡段(VLAN)。 4\. 主動監測。 如欲獲取更多此研究和最佳實踐措施的資訊,請下載完整的《[Unit 42 2020年物聯網威脅報告](https://start.paloaltonetworks.com/unit-42-iot-threat-report)》。 *** ** * ** *** ## Related Blogs ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### Strata Copilot - 加速邁向自發性網路安全性的未來](https://www2.paloaltonetworks.com/blog/network-security/introducing-strata-copilot/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 醫療企業是勒索軟體攻擊者的首要目標](https://www2.paloaltonetworks.com/blog/2021/10/healthcare-organizations-are-the-top-target/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 適用於 5G 的零信任:實現安全的數位轉型](https://www2.paloaltonetworks.com/blog/2021/10/zero-trust-for-5g-digital-transformation/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 網路攻擊鎖定金融服務企業的 3 個原因以及防禦方式](https://www2.paloaltonetworks.com/blog/2021/10/financial-services-cyberattacks/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 連續 7 年提供出色的客戶服務](https://www2.paloaltonetworks.com/blog/2021/10/delivering-outstanding-customer-service/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### Palo Alto Networks 研究:61% 的企業難以確保在家工作的遙距網絡安全](https://www2.paloaltonetworks.com/blog/2021/09/state-of-hybrid-workforce-security-2021/?lang=zh-hant) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language