Content, Content

IoT Hackers Target Millions of Devices in Pandemic, Report Says

In just two weeks in December, 2020, hackers attacked nearly 550 internet-facing devices, including printers, digital signage and smart televisions all connected to corporate networks, while many employees were working remotely during the COVID-19 panic.

Those incidents, which surfaced from Zscaler’s analysis of some 575 million device transactions and 300,000 malware attacks on Internet of Things (IoT) devices blocked by the cloud security provider’s technology during that fortnight, are chronicled in its new report IoT in the Enterprise: Empty Office Edition. Cyber crews were hard at work in those two weeks. The number of blocked attacks amounted to a 700 percent increase when compared to pre-pandemic findings, the San Jose, California-based Zscaler said.

Key findings from Zscaler ThreatLabz researchers include:

  • Technology, manufacturing, retail, and healthcare industries accounted for 98 percent of IoT malware attack victims.
  • Entertainment and home automation devices, including virtual assistants, pose the most risk.
  • Most IoT attacks originated in China, the U.S. and India.
  • The top three nations victimized by IoT attacks were Ireland, the U.S. and China.
  • Gafgyt and Mirai malware families accounted for 97 percent of the IoT malware.

“The volume and variety of IoT devices connected to corporate networks is vast and includes everything from musical lamps to IP cameras,” said Deepen Desai, Zscaler’s chief information security officer. “Our team saw 76 percent of these devices still communicating on unencrypted plain text channels, meaning that a majority of IoT transactions pose great risk to the business.”

Additional findings:

  • Of the roughly 500 million IoT device transactions in Zscaler’s study tied to 553 different devices from 212 manufacturers, 65 percent segmented into three categories: set-top boxes (29 percent), smart TVs (20 percent), and smartwatches (15 percent).
  • Slightly less than 60 percent of all transactions were from devices in the manufacturing and retail industries, including 3D printers, geolocation trackers, automotive multimedia systems, barcode readers and payment terminals. Enterprise devices accounted for 28 percent of transactions while healthcare tools amounted to eight percent of traffic.
  • Malware families Gafgyt and Mirai, both of which use hijacked devices to create botnets, accounted for 97 percent of the 900 unique payloads.
  • IoT attacks were mostly aimed at Ireland (48 percent), the U.S. (32 percent) and China (14 percent).
  • Nearly 90 percent of compromised IoT devices sent data back to servers in China (56 percent), the U.S. (19 percent) or India (14 percent).

Zscaler recommends that IT teams enact these four policies to keep IoT devices from inviting hackers into the most sensitive business data and applications:

  1. Gain visibility into all your network devices. Review and analyze network logs to understand all devices communicating across your network and what they do.
  2. Change all default passwords. A basic first step for deploying corporate-owned IoT devices should be to update passwords and deploy two-factor authentication.
  3. Update and patch regularly. Stay apprised of any new vulnerabilities that are discovered, and that you keep device security up-to-date with the latest patches.
  4. Implement a zero trust security architecture. Eliminate implicit-trust policies and tightly control access to sensitive data using dynamic identity-based authentication.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.