A study by Zscaler finds that Internet of Things devices are a major source of security breaches. The study covers an increase of more than 700% in IoT-specific malware and the most “talkative” devices.
More advanced security protocols are needed for the Internet of Things
Thanks to a study by Zscaler, a leader in cloud security, we now know the status of IoT devices connected to corporate networks. The survey refers in particular to the first pandemic period, the one in which companies found themselves having to rapidly and widely adopt teleworking. The new study analyzed more than 575 million device transactions and 300,000 malware attacks aimed specifically at IoT devices. The data is alarming: a 700% increase compared to the pre-pandemic results.
These attacks targeted 553 different types of devices (including printers, digital signage solutions and smart TVs), all connected to corporate IT networks, at a time when many employees were working remotely during the COVID-19 pandemic. The Zscaler ThreatLabz research team has identified the most vulnerable IoT devices. It also identified the origins and families of malware responsible for most of the malicious traffic.
“For more than a year, most of the corporate offices were mostly unused. However, our service teams found that despite the lack of employees in the office, corporate networks were still buzzing with IoT activities,” said Deepen Desai, CISO of Zscaler, who then continued: “The volume and variety of IoT devices connected to corporate networks is vast and includes different types of devices, from music lamps to IP cameras. 76% of these devices still communicate on unencrypted text channels, which means that IoT transactions represent a great risk for companies.”
The most vulnerable IoT devices
Out of more than half a billion IoT device transactions, Zscaler has identified 553 different devices from 212 manufacturers. 65% of these fell into three categories: set-top boxes (29%), smart TVs (20%) and smartwatches (15%). Most of the traffic came from devices used in manufacturing and retail. 59% of all transactions involved 3D printers, geolocators, barcode scanners and payment terminals. Corporate devices ranked second, with 28% of transactions, followed by healthcare devices with nearly 8% of traffic.
ThreatLabz also discovered a number of Internet of Things devices that unexpectedly connect to the cloud. These included smart fridges and music lamps that were still sending traffic across corporate networks.
Whose fault is it?
The ThreatLabz team also carefully examined the IoT-specific malware activity tracked in the Zscaler cloud. A total of 18,000 unique hosts and approximately 900 unique payload deliveries were observed over a 15-day period. The Gafgyt and Mirai malware families were the two most frequently detected by ThreatLabz, accounting for 97% of the 900 unique payloads.
The top three nations targeted by IoT attacks were Ireland (48%), the United States (32%) and China (14%). Most compromised IoT devices, nearly 90%, were observed sending data back to servers in one of three countries: China (56%), the United States (19%) or India (14%).
Internet of Things devices: how to protect yourself from attacks
As the list of Internet of Things devices grows every day, it’s nearly impossible to keep them out of the company. IT teams should implement access policies that prevent these devices from serving as open doors to the most sensitive corporate data. These policies and strategies can be employed whether IT teams (or other employees) are on-site or not. ThreatLabz recommends the following tips to mitigate the IoT malware threat, on both managed and BYOD devices:
- Have visibility into network devices. Deploy solutions that review and analyze network logs to monitor all devices communicating across the network.
- Change all default passwords. Password checking may not always be possible. However, a critical first step should be to update passwords and implement two-factor authentication.
- Update and patch regularly. Many industries, especially manufacturing and healthcare, rely on IoT devices for their daily workflows; you need to be up to date on any new vulnerabilities that are discovered and keep device security up to date with the latest patches.
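
The first tip, visibility through network logs, can be combined with the study's point about unencrypted channels in a small log review like the one below. This is an added example, not code from Zscaler or the original article; the flow records are constructed, and the log format, the port-to-protocol mapping and the managed-device list are assumptions.

```python
import csv
from collections import defaultdict

# Constructed sample flow records (hypothetical format: time, src MAC, src IP, dst IP, dst port).
SAMPLE_FLOWS = """\
2021-07-01T09:00:01,aa:bb:cc:00:00:01,10.0.5.21,203.0.113.10,80
2021-07-01T09:00:04,aa:bb:cc:00:00:01,10.0.5.21,203.0.113.10,80
2021-07-01T09:00:09,aa:bb:cc:00:00:02,10.0.5.22,198.51.100.7,443
2021-07-01T09:01:12,aa:bb:cc:00:00:03,10.0.5.40,192.0.2.55,1883
2021-07-01T09:01:30,aa:bb:cc:00:00:03,10.0.5.40,192.0.2.55,8883
"""

# Assumption: well-known destination ports stand in for real protocol identification.
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt"}
# Assumption: MAC addresses of devices already in the IT asset inventory.
KNOWN_DEVICES = {"aa:bb:cc:00:00:02"}


def build_inventory(log_text):
    """Aggregate flows per source MAC: flow count, plaintext flows, destinations."""
    inventory = defaultdict(
        lambda: {"flows": 0, "plaintext": 0, "protocols": set(), "destinations": set()})
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5 or not row[4].isdigit():
            continue  # skip malformed records instead of aborting the review
        _ts, mac, _src_ip, dst_ip, dst_port = row
        entry = inventory[mac.lower()]
        entry["flows"] += 1
        entry["destinations"].add(dst_ip)
        proto = PLAINTEXT_PORTS.get(int(dst_port))
        if proto:
            entry["plaintext"] += 1
            entry["protocols"].add(proto)
    return dict(inventory)


def findings(inventory, known=KNOWN_DEVICES):
    """Flag unmanaged devices and report each device's share of plaintext flows."""
    return {
        mac: {
            "unmanaged": mac not in known,
            "plaintext_ratio": round(e["plaintext"] / e["flows"], 2),
            "plaintext_protocols": sorted(e["protocols"]),
        }
        for mac, e in sorted(inventory.items())
    }


if __name__ == "__main__":
    print(findings(build_inventory(SAMPLE_FLOWS)))
```

Devices that come back as unmanaged with a high plaintext ratio are the first candidates for the access policies described above.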