The worldwide count of connected IoT devices is set to exceed 29 billion by 2027, a significant surge from 16.7 billion in 2023. While this proliferation of devices and smart technology brings immense potential, it also opens doors for cybercriminals to exploit, potentially leading to inconvenient or even devastating consequences. In the first half of 2023 alone, there was a staggering 400% surge in IoT malware attacks compared to the previous year, according to the Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report.
Top IoT malware families
Mirai and Gafgyt continue to dominate the landscape of IoT malware attacks. Mirai alone accounted for 91% of blocked transactions, encompassing payloads, payload URLs, and command and control (C2) communications. In terms of blocked payloads, Mirai and Gafgyt contributed to 46% and 20% of blocks, respectively. These findings align with the reported uptick in IoT botnet-driven distributed denial-of-service (DDoS) attacks, resulting in an estimated global financial loss of $2.5 billion in the first half of 2023.
Upon analyzing malicious binaries (executable files), it was observed that 31% of them contained at least one exploit. Altogether, 39 distinct vulnerabilities were exploited by various payloads. Command injection emerged as the most leveraged Common Weakness Enumeration (CWE) category, accounting for nearly 75% of the vulnerabilities.
The manufacturing industry is the most impacted by malware
The manufacturing sector faced more than triple the number of attacks compared to any other sector in an average week, with manufacturing customers bearing the brunt of IoT malware attacks (54.5%). The food, beverage and tobacco sector and the education sector follow, experiencing 16.5% and 14.1% of attacks, respectively.
Education has witnessed a staggering 961% surge in IoT malware attacks, underpinned by the proliferation of unsecured IoT devices within school networks, offering attackers easier access points.
The US is the most targeted country, while Mexico is the most infected
Mexico emerges as the most infected country, with 46.1% of IoT malware infections. Interestingly, three of the top four most infected countries (Mexico, Brazil, and Colombia) hail from Latin America. Although adoption rates are generally slower compared to regions like Asia and Europe, Latin America is poised to see a surge in IoT connections, projected to reach 1.3 billion by 2025, up from approximately 800 million today.
The United States ranks as a prime target for IoT malware authors, with 96% of all IoT malware emanating from compromised IoT devices within the country.
Higher data speeds and reduced latency will continue to propel the proliferation of connected devices. As 5G adoption accelerates, so too will the attack surface for IoT and operational technology (OT).
Best practices for IoT malware protection
- Maintain Clear Visibility of IoT Devices: Understand what devices are connected to your network and monitor their communications and activity using solutions that analyze network logs.
- Safeguard Admin Credentials and Enable MFA: Implement multi-factor authentication (MFA) to add an extra layer of security and prevent unauthorized access to user accounts.
- Stay Vigilant with Patching: Ensure that IoT devices are promptly updated and patched to address any new vulnerabilities that may arise.
- Enforce an IoT Security Framework: Limit IoT devices’ access to the network, ensuring they can only connect to the necessary sites and servers. This can be achieved through a zero trust architecture.
- Provide Training on IoT Device Security: Educate employees on the risks of connecting unauthorized devices to the network and conduct security awareness training to help them identify and prevent attacks.
- Inspect Encrypted Traffic: Regularly inspect encrypted traffic to prevent attackers from compromising systems through these channels.
- Implement a Zero Trust Security Architecture: Eliminate implicit trust and enforce segmentation with least privileged access to ensure users and devices can only access what they need. Unsanctioned shadow IoT devices should undergo traffic inspection and ideally be blocked from corporate data via a proxy.