While working from home has increased, smart objects, digital signage, networked printers and many more IoT devices in office buildings were connected to the network, refreshing data, performing functions and awaiting commands.
According to the cloud security vendor Zscaler, attackers have taken notice and taken advantage of this, resulting in malware attacks. The company’s research report ‘IoT in the Enterprise: Empty Office Edition’ revealed a 700 percent increase in IoT-specific malware over pre-pandemic numbers. The Zscaler ThreatLabz research team analysed over 575 million device transactions and blocked more than 300,000 malware attacks on IoT devices during a two-week period last December.
Countries waging the most malware attacks
The study noted that 88.5 percent of compromised IoT devices were found to be routing data back to servers in one of three countries: China (56 percent), the United States (19 percent), or India (14 percent). These are known as “malware destination” countries, and in each case they either delivered the malware directly or connected to it post-infection. Some attackers set up command and control servers within the country that they are targeting, so the server location does not necessarily indicate the actual location of the attacker.
ThreatLabz also evaluated “source countries” (the targets of malware) based on the client IP address. The top nations victimised by IoT attacks were Ireland (48 percent), the United States (32 percent), and China (14 percent), followed by India (4 percent), the study noted.
Most common devices
Looking at over half a billion IoT device transactions, ThreatLabz identified 553 different device types from 212 manufacturers and sorted them into 21 categories. The three most common categories, accounting for almost 65 percent of total devices, were set-top boxes (29 percent), smart TVs (20 percent), and smart watches (15 percent).
Eleven percent of traffic from entertainment and home automation devices was headed to China and Russia. While much of this is legitimate, non-malicious traffic, these are destinations that ThreatLabz considers to be suspicious due to their potential for government spying and other data vulnerabilities. Almost all (99.9 percent) of this suspicious traffic had come from smart TVs and set-top boxes.
The key findings of the study include:
- IoT malware on corporate networks has increased by 700 percent since our 2019 study, despite much of the global workforce working from home
- Entertainment and home automation devices posed the most risk due to their variety, low percentage of encrypted communication, and connections to suspicious destinations
- Gafgyt and Mirai—malware families popularly used in botnets—accounted for 97 percent of the IoT malware payloads blocked by the Zscaler cloud
- Technology, manufacturing, retail & wholesale, and healthcare industries accounted for 98 percent of IoT attack victims
- Most attacks originated in China, the United States, and India
- Most targets for IoT attacks were in Ireland, the United States, and China
Tracking and managing network devices, changing default passwords, regular patching and security software updates, and implementing a zero trust security architecture are a few of the fundamentals the study mentions to defend against IoT malware. “As the list of ‘smart’ devices out in the world grows on a daily basis, it’s almost impossible to keep them from entering your organization, so it’s critical to enact access policies that keep these devices from serving as an open door to your sensitive data and applications,” it states.