Since last year, IoT malware attacks have increased by 400 percent. This is proven by the new Zscaler™ ThreatLabz 2023 Enterprise IoT and OT Threat Report. Also important: the manufacturing and education sectors are the hardest hit.
This year's Zscaler™ ThreatLabz 2023 Enterprise IoT and OT Threat Report provides a detailed look at malware activity over six months, analyzing approximately 300,000 attack attempts on IoT devices that were blocked by the Zscaler Zero Trust Exchange™ platform. The number of attacks on IoT devices represents a 400 percent increase compared to the previous year. The growing frequency of malware attacks on IoT environments poses a significant security concern for operational technology (OT), as the mobility of malware across different networks can put critical infrastructure at risk.
Steady increase in IoT malware attacks
With the increasing adoption of IoT and personal, connected devices, the report found an increase of over 400 percent in IoT malware attacks compared to the previous year. The growth of cyber threats shows that cybercriminals are responding to changing conditions when carrying out IoT malware attacks.
The study shows that cybercriminals specifically exploit older vulnerabilities. Of the 39 most popular IoT exploits, 34 specifically target vulnerabilities that have been known for at least three years. The two malware families Mirai and Gafgyt continue to account for 66 percent of attack payloads. They form botnets from infected IoT devices, which in turn are used specifically for distributed denial-of-service (DDoS) attacks on lucrative companies. Botnet-driven DDoS attacks are responsible for billions of dollars in losses across various industries worldwide. Additionally, DDoS attacks pose a risk to OT, as they can potentially disrupt critical industrial processes and even endanger human lives.
Manufacturing is a top target and education is being taught a lesson
The manufacturing and retail industries account for 52 percent of IoT device traffic. 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals and payment terminals are the main sources of data traffic in digital networks. However, the volume of data traffic has also created opportunities for cybercriminals, who are targeting the manufacturing sector with an average of 6,000 IoT malware attacks per week.
Additionally, these IoT malware attacks can disrupt critical OT processes that play an important role in many industrial manufacturing operations such as automotive, heavy manufacturing, and plastics and rubber. This poses long-term challenges for security teams in manufacturing companies and also shows that Industrial IoT has a significant lead in the use of IoT devices. The increase in attacks, nearly three times more than other industries, is significant as manufacturing companies continue to use IoT tools to automate and digitize existing infrastructure.
Defending against IoT malware attacks
Education will increasingly be the focus of cybercriminals in 2023, as unsecured and shadow IoT devices on networks offer attackers easier access. In particular, the abundance of personal data stored on the networks makes educational institutions attractive targets, leaving students and administration vulnerable. According to the study, IoT malware attacks in the education sector have increased by almost 1000 percent.
The Zscaler Zero Trust Exchange platform provides a comprehensive approach to Zero Trust-based security. The platform verifies identity and context, applies access controls, and enforces policies before brokering a secure connection between a device and an application from anywhere, on any network. Corporate networks are protected with Zscaler Internet Access™ (ZIA™), a cloud-based service whose identity-driven access controls provide risk-based, comprehensive security for the exchange of telemetry data between IoT devices and corporate networks.
Zero Trust Exchange Platform
The security of corporate networks is also ensured using the Zero Trust Exchange platform and the Privileged Remote Access service. This service gives remote workers and third-party providers clientless remote desktop access to sensitive RDP, SSH, and VNC production systems without having to install a client on unmanaged devices or log in to jump hosts and VPNs. This means that remote employees or third-party providers can access OT devices for maintenance purposes without compromising the security of the network or associated infrastructure.
Methodology
The research methodology for this report includes analysis of device logs from a variety of sources and verticals between January and June 2023. The report uses data from customer deployments connected to Zscaler's global security cloud. The security cloud processes over 500 trillion signals daily and blocks nine billion threats and policy violations per day. Over 250,000 security updates are carried out every day.
About Zscaler
Zscaler accelerates digital transformation so customers can become more agile, efficient, resilient, and secure. Zscaler Zero Trust Exchange protects thousands of customers from cyberattacks and data loss by securely connecting people, devices, and applications anywhere. The SSE-based Zero Trust Exchange is the world's largest inline cloud security platform, distributed across 150+ data centers around the world.