IoT, OT malware see a huge rise this year: Report

Malware attacks against Internet of Things (IoT) and Operational Technology (OT) devices have increased fourfold in a year, according to a new research report published on Wednesday. The report, titled "Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report," reveals a more than 400% increase in IoT malware attacks year-over-year. 
 
The report, which analysed approximately 300,000 blocked attacks on IoT devices over a six-month period, highlights the relentless nature of cyber threat actors. It reveals that attackers are primarily targeting legacy vulnerabilities. Out of the 39 most popular IoT exploits, 34 exploited flaws that have existed in these devices for at least three years. In 66% of all attacks, threat actors attempted to deploy Mirai and Gafgyt, popular malware families that take advantage of vulnerable devices to create botnets for distributed denial of service (DDoS) attacks, which occurs when hackers disrupt the normal traffic of a web server by overwhelming it with large volumes of Internet traffic. 
 
Deepen Desai, Global CISO and Head of Security Research at Zscaler, warns that weak enforcement of security standards for IoT device manufacturers, combined with the proliferation of unmanaged and unpatched devices at the enterprise level, poses a significant threat to global organisations. These devices are often targeted by threat actors to gain initial access to an environment. 
 
The report also highlights the financial impact of botnet-driven DDoS attacks, which cause billions of dollars in losses across industries worldwide. Additionally, these attacks pose risks to OT by potentially disrupting critical industrial processes and endangering lives. 
 
Furthermore, over half of IoT device traffic comes from manufacturing and retail companies, with various devices such as 3D printers, geo-location trackers, industrial control devices, automotive multimedia systems, data collection terminals, and payment terminals sending signals over digital networks. The manufacturing sector experiences an average of 6,000 IoT malware attacks per week, while the education sector has seen a nearly 1000% increase in IoT malware attacks due to the sensitive information it stores. 
 
Mexico had the highest number of infections at 46%, followed by Brazil and Colombia. The United States is responsible for distributing 96% of IoT malware from compromised devices. India is also seeing a steady rise in IoT attacks. Another report published in August by cyber security firm SonicWall highlights a surge in ransomware and IoT cyber-attacks in India during the first half of 2023. While countries like the US and the UK experienced a decline in ransomware attacks, India saw a 133% increase, and Germany saw a 52% increase, the report said.