Manufacturing and education are most targeted by malware

/in


The Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report says the increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security, as the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure.

Deepen Dasai

“Weak enforcement of security standards for IoT device manufacturers coupled with the proliferation of shadow IoT devices at the enterprise level poses a significant threat to global organisations. Often, threat actors target ‘unmanaged and unpatched’ devices to gain an initial foothold into the environment,” said Deepen Desai, global CISO and head of security research at Zscaler.

He encourages organisations to enforce zero trust principles when securing IoT and OT devices – never trust, always verify, and assume breach. “Organisations can eliminate lateral movement risk by utilizing continuous discovery and monitoring processes to segment these devices,” he continued.

Consistent growth in attacks

With the steady adoption of IoT and personal connected devices, the report found an increase of over 400% in IoT malware attacks year-over-year. The growth in cyber threats demonstrates cyber criminals’ persistence and ability to adapt to evolving conditions in launching IoT malware attacks.

Additionally, research indicates that cybercriminals are targeting legacy vulnerabilities, with 34 of the 39 most popular IoT exploits specifically directed at vulnerabilities that have existed for over three years.

Source: Zscaler 2023

The Mirai and Gafgyt malware families continue to account for 66% of attack payloads, creating botnets from infected IoT devices that are then used to launch denial-of-service (DDoS) attacks against lucrative businesses.

Botnet-driven distributed DDoS attacks are responsible for billions of dollars in financial losses across industries around the globe. In addition, DDoS attacks pose a risk to OT by potentially disrupting critical industrial processes and even endangering human lives.

Industries favoured by attackers

Manufacturing and retail accounted for nearly 52% of IoT device traffic, with 3D…

Source…