IoT devices can be easily exploited nowadays

Jul 16, 2021 17:37 GMT

A new study by cybersecurity company Zscaler reveals a disturbing fact: a 700% rise in cyberattacks on IoT devices. During two weeks in December 2020, security professionals examined the traffic to determine how much of it was malicious and what it accomplished.

Cybercriminals were well aware that the COVID-19 epidemic would leave many corporate offices without workers in 2020 and far into 2021, and they planned accordingly. Even though there were no workers in the offices, there was still a lot going on.

Various kinds of equipment, such as networked printers, digital signage, smartwatches, and other Internet of Things devices, were left behind in the offices. Most of them were still linked to the network, executing tasks, updating information, and waiting for instructions. Not to mention that a large number of DVR and CCTV devices are quite likely to contact the command and control server of a botnet.

Most of the cyberattacks originated from India, China, and the United States, whereas China, the United States, and Ireland were the countries with the most targeted Internet of Things devices. About 98% of IoT attack victims worked in the healthcare, retail & wholesale, manufacturing, and technology sectors.

Malware may easily infiltrate DVR and CCTV systems with outdated software

900 distinct payloads to 18,000 unique hosts were discovered, and malicious software was found on devices from over 70 different manufacturers. Mirai (34.1%) and Gafgyt (63.1%) made up the overwhelming majority (97%) of unique payloads. Gafgyt payloads made up just 5% of the attacks, while Mirai payloads were responsible for 76% of attacks.

Only 24% of IoT devices are currently transmitting data in an encrypted manner. In the health care sector, SSL encryption was used an estimated 50% of the time. The use of SSL encryption on corporate devices was just 2.7%.

Zscaler offers guidelines on defending against IoT malware, such as implementing a zero-trust security architecture, regular patching and updates, changing default passwords, and monitoring and managing network devices.