A new report out this week from Zscaler ThreatLabz finds a 400 percent increase in internet of things (IoT) and operational technology (OT) malware attacks since 2022, underscoring the need for better zero trust security to protect critical infrastructures.
The Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report, released on Oct. 24, finds that the manufacturing and education sectors were targeted the most during the time the study was conducted – with education institutions experiencing nearly a 1,000 percent increase in attacks. The cloud security company also uncovered that the United States is one of the most targeted countries.
This year’s report provides an in-depth look at malware activity over a six-month period, between January and June 2023, analyzing approximately 300,000 blocked attacks on IoT devices secured by the Zscaler Zero Trust Exchange platform.
With the steady adoption of IoT and personal connected devices, the report found an increase of over 400 percent in IoT malware attacks compared to the study done at the same time last year. The growth in cyber threats demonstrates cyber criminals’ persistence and ability to adapt to evolving conditions in launching IoT malware attacks, the report says.
“Weak enforcement of security standards for IoT device manufacturers coupled with the proliferation of shadow IoT devices at the enterprise level poses a significant threat to global organizations. Often, threat actors target ‘unmanaged and unpatched’ devices to gain an initial foothold into the environment,” Zscaler’s Global Chief Information Security Officer Deepen Desai said.
According to Zscaler, manufacturing and retail accounted for nearly 52 percent of IoT device traffic, with 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals, and payment terminals sending the majority of signals over digital networks.
However, the quantity of device traffic has created opportunities for cybercriminals, and the manufacturing sector now sees an average of 6,000 IoT malware attacks every week, the report finds. Moreover, these substantial IoT malware attacks can disrupt critical OT processes, which are integral in many industrial manufacturing plants like automotive, heavy manufacturing, and plastic and rubber.
According to Zscaler, education is another sector that suffered from outsized attention from cybercriminals in 2023, with the propagation of unsecured as well as shadow IoT devices within school networks providing attackers with easier access points.
“The wealth of personal data stored on their networks has made educational institutions particularly attractive targets, leaving students and administrations vulnerable,” the 39-page report says.
Finally, findings from Zscaler show that the United States is a top target for IoT malware authors with 96 percent of all IoT malware distributed from compromised IoT devices in the United States.
“To address these challenges, I encourage organizations to enforce zero trust principles when securing IoT and OT devices – never trust, always verify, and assume breach,” Zscaler’s Desai said. “Organizations can eliminate lateral movement risk by utilizing continuous discovery and monitoring processes to segment these devices.”