Businesses have seen a 700% increase in IoT-specific malware in the last 12-18 months, according to a new report. The report, released by cloud security company Zscaler, revealed that attackers launched unprecedented waves of attacks against IoT devices that office workers essentially abandoned when they moved to a remote working environment.
“For more than a year, most corporate offices have stood mostly abandoned as employees continued to work remotely during the COVID-19 pandemic. However, our service teams noted that despite a lack of employees, enterprise networks were still buzzing with IoT activity,” said Deepen Desai, CISO of Zscaler.
The devices attackers targeted included not only office equipment such as networked printers, digital signage and IP cameras, but also smart watches, TVs, automobiles and many other IoT devices. The researchers also discovered a number of unexpected devices connecting to the cloud, including smart refrigerators and musical lamps that were still sending traffic through corporate networks.
Desai said, “Threat actors took notice, and many attempted to take advantage. In the midst of the enormous global shift to work-from-anywhere, our team saw 76 percent of these devices still communicating on unencrypted plain text channels, meaning that a majority of IoT transactions pose great risk to the business. That translates to a staggering 833 IoT malware blocked every hour.”
Out of over half a billion IoT device transactions, Zscaler identified 553 different devices from 212 manufacturers, 65 percent of which fell into three categories: set-top boxes (29 percent), smart TVs (20 percent), and smartwatches (15 percent). The home entertainment & automation category had the greatest variety of unique devices, but it accounted for the fewest transactions when compared with manufacturing, enterprise, and healthcare devices.
Technology companies saw the highest rate of attack from IoT malware, comprising 40 percent of infections. The next-most targeted industries were manufacturing (28 percent) and retail and wholesale (24 percent).
Most traffic came from devices in the manufacturing and retail industries – 59 percent of all transactions were from devices in these sectors and included 3D printers, geo-location trackers, automotive multimedia systems, data collection terminals like bar-code readers, and payment terminals. Enterprise devices were the second most common, accounting for 28 percent of transactions, and healthcare devices followed at nearly 8 percent of traffic.
According to the Zscaler cloud report, nearly 60 percent of the attacks came out of China (56 percent), the United States (19 percent), or India (14 percent). Also, malware families Gafgyt and Mirai were the two most common families encountered by the researchers, accounting for 97 percent of the 900 unique payloads. These two families are known for hijacking devices to create botnets – large networks of private computers that can be controlled as a group to spread malware, overload infrastructure, or send spam.
How can organisations protect themselves?
According to Desai, “As the list of “smart” devices out in the world grows on a daily basis, it’s almost impossible to keep them from entering your organization. Rather than trying to eliminate shadow IT, internal cyber security teams should enact access policies that keep these devices from serving as open doors to the most sensitive business data and applications.”
These policies and strategies can be employed whether or not IT teams (or other employees) are on-premises, say Zscaler researchers. They further recommend the following tips to mitigate the threat of IoT malware, on both managed and BYOD devices:
- Gain visibility into all your network devices. Deploy solutions able to review and analyse network logs to understand all devices communicating across your network and what they do.
- Change all default passwords. Password control may not always be possible, but a basic first step for deploying corporate-owned IoT devices should be to update passwords and deploy two-factor authentication.
- Update and patch regularly. Many industries—particularly manufacturing and healthcare—rely on IoT devices for their day-to-day workflows. Make sure you stay apprised of any new vulnerabilities that are discovered, and that you keep device security up-to-date with the latest patches.
- Implement a zero trust security architecture. Enforce strict policies for your corporate assets so that users and devices can access only what they need, and only after authentication. Restrict communication to relevant IPs, ASNs, and ports needed for external access. Unsanctioned IoT devices that require internet access should go through traffic inspection and be blocked from all corporate data, ideally through a proxy. The only way to stop shadow IoT devices from posing a threat to corporate networks is to eliminate implicit-trust policies and tightly control access to sensitive data using dynamic identity-based authentication.
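As an added illustration of the first and last tips (this is not code from the report or from Zscaler), the Python script below runs over a constructed connection log: it builds a per-device inventory, measures the share of devices that used plaintext protocols (the metric behind the report's 76 percent figure), and flags devices reaching destinations outside a hypothetical per-device-type allowlist, which are the candidates for proxying or blocking. The CSV layout and the allowlist are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of connection-log records, not data from the report.
# Assumed CSV export format: source IP, device type, destination, port, protocol, bytes.
SAMPLE_LOG = """src_ip,device_type,dst_ip,dst_port,proto,bytes
10.1.1.20,printer,203.0.113.10,443,tls,5120
10.1.1.20,printer,203.0.113.10,80,http,640
10.1.1.31,ip_camera,198.51.100.7,80,http,88000
10.1.1.31,ip_camera,198.51.100.7,23,telnet,120
10.1.1.42,smart_tv,192.0.2.55,443,tls,2048
10.1.1.58,smart_fridge,192.0.2.99,8883,mqtts,300
10.1.1.58,smart_fridge,192.0.2.99,1883,mqtt,300
"""

# Protocols that carry device traffic unencrypted.
PLAINTEXT_PROTOS = {"http", "telnet", "mqtt", "ftp"}

# Hypothetical policy: sanctioned (destination IP, port) pairs per device type.
# Device types absent from this table are treated as shadow IoT with no sanctioned destinations.
SANCTIONED = {
    "printer": {("203.0.113.10", 443)},
    "smart_tv": {("192.0.2.55", 443)},
}


def inventory(log_text):
    """Group log rows by source IP and record plaintext use and unsanctioned destinations."""
    devices = defaultdict(lambda: {"type": None, "flows": 0, "plaintext": 0, "unsanctioned": set()})
    for row in csv.DictReader(io.StringIO(log_text)):
        dev = devices[row["src_ip"]]
        dev["type"] = row["device_type"]
        dev["flows"] += 1
        if row["proto"] in PLAINTEXT_PROTOS:
            dev["plaintext"] += 1
        dest = (row["dst_ip"], int(row["dst_port"]))
        if dest not in SANCTIONED.get(row["device_type"], set()):
            dev["unsanctioned"].add(dest)
    return devices


def plaintext_share(devices):
    """Fraction of devices that sent at least one plaintext flow."""
    return sum(1 for d in devices.values() if d["plaintext"]) / len(devices)


def shadow_devices(devices):
    """Source IPs that reached any destination outside their allowlist."""
    return sorted(ip for ip, d in devices.items() if d["unsanctioned"])
```

Running `inventory(SAMPLE_LOG)` on the sample yields four devices, three of which used a plaintext protocol, and three of which reached an unsanctioned destination.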