A new study that was released claims that in only one year, malware assaults against Internet of Things (IoT) and Operational Technology (OT) devices have quadrupled. The “Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report” shows that IoT malware threats have increased by almost 400% in the past year.
The paper emphasizes the persistent nature of cyber threat actors by analyzing around 300,000 prevented attacks on IoT devices over a six-month period. It indicates that legacy vulnerabilities are the main targets for attackers. Thirty-four of the 39 most widely used IoT exploits took advantage of vulnerabilities in these devices that have been there for at least three years. Threat actors attempted to use the popular malware families Mirai and Gafgyt, which prey on weak devices to build botnets for distributed denial of service (DDoS) attacks, which happen when hackers overload a web server with excessive amounts of traffic, in 66% of all attacks.
The growth of unmanaged and unpatched devices at the corporate level, along with the lax enforcement of security requirements for IoT device manufacturers, represent serious threats to international organizations, according to Deepen Desai, Global CISO and Head of Security Research at Zscaler. Threat actors frequently target these devices in an effort to get first access to an environment.
The paper also emphasizes the financial cost of botnet-driven DDoS attacks, which result in losses to global enterprises totaling billions of dollars. Furthermore, these attacks put OT at risk by possibly interfering with vital industrial operations and putting lives in jeopardy.
Additionally, manufacturing and retail businesses account for more than half of all IoT device traffic. These businesses use a variety of devices that transmit signals over digital networks, including data collection terminals, payment terminals, industrial control devices, 3D printers, geo-location trackers, and automotive multimedia systems. Because it contains sensitive data, the education sector has witnessed a nearly 1000% spike in IoT malware assaults, compared to the industrial sector, which sees an average of 6,000 attacks each week.
With 46% of cases, Mexico led the group, followed by Brazil and Colombia. Ninety-six percent of IoT malware is distributed by Americans from hacked devices. IoT assaults are also steadily increasing in India. An additional analysis released in August by the cyber security company SonicWall shows that the first half of 2023 would see a spike in ransomware and IoT cyberattacks in India. According to the survey, ransomware attacks decreased in nations like the US and the UK, but increased 133% in India and 52% in Germany.