Security Market Segment LS
Friday, 16 July 2021 14:02

IoT malware is accessing corporate networks: Zscaler

By

A study conducted by cloud security vendor Zscaler found there was a 700% increase in IoT-specific malware attacks in December 2020 compared with the pre-pandemic period.

Zscaler's IoT in the Enterprise: Empty Office Edition  report features an analysis of more than 575 million device transactions and 300,000 IoT-specific malware attacks blocked by the company during two weeks in December 2020.

That was a 700% increase compared with pre-pandemic findings.

The attacks targeted 553 different device types from 212 manufacturers, including printers, digital signage and smart TVs – all of which were communicating with corporate IT networks while employees were working remotely.

65% of the devices were in just three categories: set-top boxes (29%), smart TVs (20%), and smartwatches (15%).

Most of the traffic (59%) came from devices in manufacturing and retail industries (eg, 3D printers, geolocation trackers, automotive multimedia systems, barcode readers, and payment terminals), with enterprise devices accounting for 28% of transactions, followed by healthcare devices (nearly 8%).

But Zscaler ThreatLabz discovered some unexpected devices were sending traffic though corporate networks, including smart refrigerators and musical lamps.

Roughly 900 unique payload deliveries were observed in 15 days timeframe. The Gafgyt and Mirai malware families – both associated with botnets – were the two most common, accounting for 97% of those payloads.

The most commonly targeted nations were Ireland (48%), the US (32%), and China (14%).

Nearly 90% of compromised IoT devices were sending data to servers in just three countries: China (56%), the US (19%) and India (14%).

"For more than a year, most corporate offices have stood mostly abandoned as employees continued to work remotely during the COVID-19 pandemic. However, our service teams noted that despite a lack of employees, enterprise networks were still buzzing with IoT activity," said Zscaler CISO Deepen Desai.

"The volume and variety of IoT devices connected to corporate networks is vast and includes everything from musical lamps to IP cameras. Our team saw 76% of these devices still communicating on unencrypted plain text channels, meaning that a majority of IoT transactions pose great risk to the business."

According to Zscaler, organisations can mitigate the threat of IoT malware by following four steps.

• Deploy solutions able to review and analyse network logs to understand all devices communicating across your network and what they do.

• When deploying corporate-owned IoT devices, update the passwords and deploy two-factor authentication.

• Stay apprised of any new vulnerabilities that are discovered, and keep device security up-to-date with the latest patches.

• Implement a zero trust security architecture. Enforce strict policies for your corporate assets so that users and devices can access only what they need, and only after authentication. Restrict communication to relevant IPs, ASNs, and ports needed for external access. Unsanctioned IoT devices that require internet access should go through traffic inspection and be blocked from all corporate data, ideally through a proxy..

The full IoT in the Enterprise: Empty Office Edition report can be downloaded here.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments