IoT Malware Attacks Jump 400% Since 2022, Report

Risk from IoT-specific malware is on the rise, as industries and consumers alike increasingly turn to connected devices, according to a new ZScaler report. 

The report, which tracked trends in the IoT cybersecurity landscape, found that as IoT devices themselves become increasingly popular, with industrial and enterprise sectors increasingly deploying these tools, the threat of attack is also rising. 

Results from the report also found several key changes have occurred in IoT malware over the past year. 

Findings showed IoT device traffic increased by 18% since 2022 as consumer and industry users increasingly deploy connected devices. As a result, IoT malware attacks have grown 400% since 2022.

The report also identified that cybercriminals are predominantly targeting legacy vulnerabilities, with 34 of the 39 most popular IoT exploits aimed at vulnerabilities that have existed for over three years.

The manufacturing industry was the primary target for malware attacks, though education also saw a jump in attacks over the past year – with a 961% increase.

Businesses in Mexico and the United States were found to be the most targeted, making up 69.3% of IoT cyberattacks.

“The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security,” the report said. “As the mobility of malware can facilitate movement across different networks, potentially endangering critical OT infrastructure.”

Related:Industrial Metaverse Will ‘Transform’ Manufacturing, Deloitte Report

This threat is only expected to continue rising as connected devices proliferate across industries. According to ZScaler, a solution is to adopt a “zero-trust architecture” to enable greater device visibility. 

“Weak enforcement of security standards for IoT device manufacturers coupled with the proliferation of shadow IoT devices at the enterprise level poses a significant threat to global organizations,” said Deepen Desai, Zscaler’s head of security research. “Often, threat actors target ‘unmanaged and unpatched’ devices to gain an initial foothold into the environment,

“To address these challenges, I encourage organizations to enforce zero trust principles when securing IoT and OT devices – never trust, always verify and assume breach. Organizations can eliminate lateral movement risk by utilizing continuous discovery and monitoring processes to segment these devices.”