Zscaler's IoT in the Enterprise: Empty Office Edition report features an analysis of more than 575 million device transactions and 300,000 IoT-specific malware attacks blocked by the company during two weeks in December 2020.
That was a 700% increase compared with pre-pandemic findings.
The attacks targeted 553 different device types from 212 manufacturers, including printers, digital signage and smart TVs – all of which were communicating with corporate IT networks while employees were working remotely.
65% of the devices were in just three categories: set-top boxes (29%), smart TVs (20%), and smartwatches (15%).
Most of the traffic (59%) came from devices in manufacturing and retail industries (eg, 3D printers, geolocation trackers, automotive multimedia systems, barcode readers, and payment terminals), with enterprise devices accounting for 28% of transactions, followed by healthcare devices (nearly 8%).
But Zscaler ThreatLabz discovered some unexpected devices were sending traffic through corporate networks, including smart refrigerators and musical lamps.
Roughly 900 unique payload deliveries were observed in a 15-day timeframe. The Gafgyt and Mirai malware families – both associated with botnets – were the two most common, accounting for 97% of those payloads.
The most commonly targeted nations were Ireland (48%), the US (32%), and China (14%).
Nearly 90% of compromised IoT devices were sending data to servers in just three countries: China (56%), the US (19%) and India (14%).
"For more than a year, most corporate offices have stood mostly abandoned as employees continued to work remotely during the COVID-19 pandemic. However, our service teams noted that despite a lack of employees, enterprise networks were still buzzing with IoT activity," said Zscaler CISO Deepen Desai.
"The volume and variety of IoT devices connected to corporate networks is vast and includes everything from musical lamps to IP cameras. Our team saw 76% of these devices still communicating on unencrypted plain text channels, meaning that a majority of IoT transactions pose great risk to the business."
According to Zscaler, organisations can mitigate the threat of IoT malware by following four steps.
• Deploy solutions able to review and analyse network logs to understand all devices communicating across your network and what they do.
• When deploying corporate-owned IoT devices, update the passwords and deploy two-factor authentication.
• Stay apprised of any new vulnerabilities that are discovered, and keep device security up-to-date with the latest patches.
• Implement a zero trust security architecture. Enforce strict policies for your corporate assets so that users and devices can access only what they need, and only after authentication. Restrict communication to relevant IPs, ASNs, and ports needed for external access. Unsanctioned IoT devices that require internet access should go through traffic inspection and be blocked from all corporate data, ideally through a proxy.
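As an added illustration of the first and fourth steps (this is not code from Zscaler or the report), the Python sketch below builds a per-device inventory from flow logs and flags plain text channels and traffic outside an allowlist. The log format, the device-type labels, the `POLICY` allowlist and the `PLAINTEXT` protocol set are all assumptions made for the example, and the sample log lines are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow log (not from the report).
# Assumed columns: time,src_ip,device_type,dst_ip,dst_port,app_proto
SAMPLE_LOG = """\
2020-12-15T09:00:01Z,10.20.1.15,printer,10.20.0.5,443,tls
2020-12-15T09:00:07Z,10.20.1.15,printer,203.0.113.50,80,http
2020-12-15T09:01:12Z,10.20.3.44,smart-tv,198.51.100.7,443,tls
2020-12-15T09:01:30Z,10.20.3.44,smart-tv,192.0.2.99,23,telnet
2020-12-15T09:02:02Z,10.20.7.8,ip-camera,10.20.0.9,554,rtsp
"""

# Hypothetical allowlist: per sanctioned device type, permitted networks and ports.
POLICY = {
    "printer": {"nets": ["10.20.0.0/24"], "ports": {443, 631}},
    "ip-camera": {"nets": ["10.20.0.0/24"], "ports": {554, 443}},
}
# Application protocols treated as unencrypted (an assumption for this example).
PLAINTEXT = {"http", "telnet", "ftp", "rtsp", "mqtt"}


def review(log_text, policy=POLICY):
    """Return {src_ip: {"type", "flows", "findings"}} for every device seen."""
    inventory = defaultdict(lambda: {"type": None, "flows": 0, "findings": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:  # skip blank or malformed lines
            continue
        _ts, src, dev, dst, port, proto = row
        entry = inventory[src]
        entry["type"] = dev
        entry["flows"] += 1
        if proto.lower() in PLAINTEXT:
            entry["findings"].add(f"plaintext:{proto}->{dst}:{port}")
        rule = policy.get(dev)
        if rule is None:  # device type nobody sanctioned
            entry["findings"].add("unsanctioned-device-type")
            continue
        addr = ipaddress.ip_address(dst)
        in_net = any(addr in ipaddress.ip_network(n) for n in rule["nets"])
        if not in_net or int(port) not in rule["ports"]:
            entry["findings"].add(f"outside-policy:{dst}:{port}")
    return dict(inventory)


if __name__ == "__main__":
    for src, e in sorted(review(SAMPLE_LOG).items()):
        print(src, e["type"], e["flows"], sorted(e["findings"]) or "ok")
```
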
The full IoT in the Enterprise: Empty Office Edition report can be downloaded here.