Zscaler released a study investigating the state of IoT devices that remain on the corporate network during the company’s forced migration to a remote work environment.
The report analyzes more than 575 million device transactions and 300,000 IoT-specific malware attacks that were blocked in two weeks in December 2020 – an increase of 700% compared to the results of the survey before the pandemic. These attacks targeted 553 different types of devices, including printers, digital signage, and smart TVs. All of these devices were connected to and communicating with corporate IT networks while many employees worked remotely during the pandemic.
The research team identified the most vulnerable IoT devices, the most common attack sources and destinations, and the malware family responsible for most of the malicious traffic to better help companies protect their valuable data.
“For more than a year, as employees continued to work remotely during the epidemic, most corporate offices were mostly abandoned. However, our service team noticed that despite the lack of employees, the corporate network is still buzzing with IoT activities,” said Deepen Desai, CISO of Zscaler.
“The number and variety of IoT devices connected to the corporate network is huge, including everything from music lights to IP cameras. Our team found that 76% of these devices are still communicating over unencrypted plain text channels. This means that most IoT transactions pose a huge risk to the business.”
Which IoT devices are most vulnerable to malware threats?
In more than 5 billion IoT device transactions, 553 different devices from 212 manufacturers were identified, of which 65% fell into three categories: set-top boxes (29%), smart TVs (20%), and smart watches (15%).
The home entertainment and automation category has the largest variety of unique devices, but the fewest transactions compared to manufacturing, enterprise, and healthcare devices.
Most traffic comes from equipment in the manufacturing and retail industries: 59% of transactions come from equipment in these industries, including 3D printers, geolocation trackers, automotive multimedia systems, data collection terminals (such as barcode readers), and payment terminals.
Enterprise equipment ranked second, accounting for 28% of transactions, followed by medical equipment, accounting for nearly 8% of traffic.
Many unexpected devices connected to the cloud were also found, including smart refrigerators and music lights that are still sending traffic through the corporate network.
Who is responsible for this?
The team also paid close attention to IoT-specific malware activity tracked in the cloud. In terms of quantity, a total of 18,000 unique hosts and approximately 900 unique payload deliveries were observed over a 15-day time frame.
The malware families Gafgyt and Mirai are the two most common families encountered by ThreatLabz, accounting for 97% of the 900 unique payloads. These two families are known for hijacking devices to build botnets: large networks of compromised devices that can be controlled as a group to spread malware, overload infrastructure, or send spam.
Who is the target?
The top three countries targeted by IoT attacks are Ireland (48%), the United States (32%) and China (14%).
Most of the infected IoT devices (nearly 90%) have been observed to send data back to servers in one of three countries: China (56%), the United States (19%) or India (14%).
How to protect yourself?
As the list of “smart” devices in the world grows every day, it is almost impossible to keep them out of your organization. Instead of trying to eliminate shadow IT, IT teams should develop access policies that prevent these devices from becoming the gateway to the most sensitive business data and applications. These strategies can be adopted regardless of whether the IT team (or other employees) is on site or not.
Here are some tips for mitigating IoT malware threats, whether on managed devices or BYOD devices:
01 Know all your network equipment
Deploy solutions that can view and analyze network logs so you understand every device communicating over the network and what each one does.
02 Change all default passwords
Password control may not always be feasible, but the basic first step in deploying enterprise-owned IoT devices should be to update passwords and deploy two-factor authentication.
03 Regular updates and patches
Many industries (especially manufacturing and healthcare industries) rely on IoT devices in their daily work processes. Make sure that you are always aware of any new vulnerabilities discovered and keep your device security up to date with the latest patches.
04 Isolate the Internet of Things Network
Put IoT devices on their own isolated network to prevent lateral movement, and restrict their inbound and outbound traffic. Similarly, allow communication only with the relevant IPs and ASNs, block external access to unnecessary ports, and limit access from external networks as much as possible.
05 Implement a zero trust architecture
The only way to prevent shadow IoT devices from posing a threat to corporate networks is to eliminate implicit trust policies and use dynamic identity-based authentication (also known as zero trust) to strictly control access to sensitive data.
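As an added example that is not part of the Zscaler report, the script below shows how tips 01 and 04 can be checked against exported flow logs: it inventories every source device, flags clear-text channels (the kind of traffic the report measured at 76%), and reports devices missing from the approved list or talking to destinations outside their allowlist. The log format, the port-to-protocol table, the allowlist and the sample lines are all constructed assumptions.

```python
# Added example, not from the Zscaler report. Assumed constructed log format:
# <ts> <src_ip> <device_label> <dst_ip> <dst_port> <bytes>
import ipaddress
from collections import defaultdict

# Ports whose protocols carry data in clear text (the report's 76% finding)
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt"}
# Constructed per-device destination allowlist (tip 04); a device missing here is shadow IoT
ALLOWED_DEST = {
    "192.168.50.10": ["203.0.113.0/24"],   # printer -> vendor cloud
    "192.168.50.11": ["198.51.100.0/24"],  # smart TV -> streaming CDN
}
SAMPLE_LOG = """\
2020-12-01T10:00:00Z 192.168.50.10 printer 203.0.113.5 443 1200
2020-12-01T10:00:05Z 192.168.50.10 printer 203.0.113.7 80 300
2020-12-01T10:01:00Z 192.168.50.11 smarttv 198.51.100.9 443 5000
2020-12-01T10:02:00Z 192.168.50.11 smarttv 192.0.2.44 23 60
2020-12-01T10:03:00Z 192.168.50.12 unknown 192.0.2.44 1883 90
"""

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if not line.strip():          # tolerate blank lines in exported logs
            continue
        ts, src, label, dst, port, nbytes = line.split()
        flows.append({"ts": ts, "src": src, "label": label, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows

def inventory(flows):
    """Tip 01: every source device and the ports it talks on."""
    devices = defaultdict(set)
    for f in flows:
        devices[(f["src"], f["label"])].add(f["port"])
    return dict(devices)

def findings(flows):
    """Flag clear-text channels, unapproved devices and off-allowlist destinations."""
    out = []
    for f in flows:
        if f["port"] in PLAINTEXT_PORTS:
            out.append((f["src"], "plaintext", PLAINTEXT_PORTS[f["port"]]))
        allowed = ALLOWED_DEST.get(f["src"])
        if allowed is None:
            out.append((f["src"], "unapproved-device", f["label"]))
        elif not any(ipaddress.ip_address(f["dst"]) in ipaddress.ip_network(n)
                     for n in allowed):
            out.append((f["src"], "off-allowlist", f["dst"]))
    return out
```

Running `findings(parse_flows(SAMPLE_LOG))` on the constructed sample reports the printer's HTTP session, the smart TV's telnet session to an address outside its allowlist, and the unapproved third device; the same device keys drive the isolation rules of tip 04.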