L ‘The Internet of things It is not secure, but, on the contrary, can easily become a target and a means of cyberattacks. The warning is certainly not new, because the rising risks associated with the Internet of Things have been talked about for some time, but today a study on Zscaler (“IoT in the Enterprise: Empty Office Edition”) backs this up with troubling facts and figures. In just two weeks, between December 15 and December 31, 2020, the Zscaler platform processed 575 million transactions on corporate physical networks, detecting nearly 300,000 attempts based on IoT malware-based attacks, exploits, command-and-control, and communications. The number represents a 700% more than pre-pandemic statsThere is a reason: the attacks were targeted 553 different types of devices, Including printers, digital signage solutions and smart TVs, all connected and communicated with companies’ IT networks while many employees were working remotely during the lockdowns.
So empty offices have not deterred cybercriminals from targeting companies’ IT assets and data – far from it. “For more than a year, most corporate offices were mostly unused, as employees continued to work remotely during the COVID-19 pandemic.‘ commented Deepen Desi, Information Security Officer de Zscaler. “However, our service teams found that despite the lack of staff in the office, Corporate networks were still bustling with IoT activity. The size and variety of IoT devices connected to corporate networks is large and includes different types of devices, from music lights to IP cameras. Our team found that 76% of these devices still communicate over unencrypted plaintext channels, which means that most IoT transactions pose a significant risk to businesses.“.
IoT devices most at risk
Of more than half a billion transactions on IoT devices, Zscaler’s ThreatLabz team identified 553 different devices from 212 manufacturers, with clear dominance in three product categories: decoding (29% of the total), Smart TV (20%) e smart watch (15th%). However, the risks are concentrated on the devices that businesses use, while IoT objects used for entertainment (smart speakers, smart TVs) and for home automation log fewer traffic.
In particular, 59% of the traffic detected in the two weeks came from IoT devices used in the manufacturing and retail sectors: 3D printers, geolocation systems and automotive multimedia systems, data collection stations such as barcode readers NS Payment terminals. Corporate devices came in second with 28% of traffic, followed by healthcare devices with around 8% of traffic. Researchers also discovered, unexpectedly, that devices such as smart refrigerators NS Musical lights They connect to the cloud and send traffic through corporate networks.
The most famous malware for the Internet of things and its targets
Malware families Javit NS mirai The two families were the most discovered by ThreatLabz, so much so that they account for 97% of the 900 unique payloads. This is malware that hijacks IoT devices to create botnets – networks of controlled objects and use them to spread other malware, perform DDoS attacks, or send spam.
In December 2020, the countries most targeted for IoT attacks wereIreland (48%), the United States (32%), and China (14%). Where did the attackers work? Mainly from three countries, namely China (56% of malicious IoT traffic was routed), the United States (19%), and India (14%).
How to defend yourself from the dangers associated with the Internet of Things? Zscaler recommends having full view On network devices, from Change default passwords from hardware, from Update software and install patches Regularly, and finally to apply strict policies to get‘Don’t trust’ security architecture.
“Evil zombie trailblazer. Troublemaker. Web enthusiast. Total music fan. Internet junkie. Reader. Tv guru.”