An 18% rise in IoT device traffic and a substantial 400% increase in malware attacks targeting IoT devices have been revealed by security researchers.
The findings by Zscaler highlight significant challenges and vulnerabilities accompanying the growing adoption of Internet of Things (IoT) and Operational Technology (OT) systems.
The study, published today, examined 300,000 blocked IoT attacks and found that botnet malware families like Mirai and Gafgyt accounted for 66% of attack payloads.
Manufacturing, which leads in IoT adoption, also suffered disproportionately, enduring more than three times the weekly attacks compared to other sectors.
With 54.5% of malware attacks targeting manufacturing, disruptions in this sector could ripple into supply chain logistics, defense, finance and retail.
Manufacturing Under Siege
According to Zscaler, the manufacturing industry’s embracing of IoT for automation and real-time data integration makes it a prime target for cyber-attacks.
Known as Industry 4.0, this digital transformation depends on interconnected IoT and OT systems to drive production efficiency and innovation. However, the convergence of these systems also increases exposure to threats that could jeopardize critical industrial processes and, in some cases, human lives.
The report noted that the US remains a primary focus for malware developers due to its robust digital infrastructure.
“Its extensive network and advanced technology ecosystem offer unparalleled opportunities for efficiently distributing malware, wreaking havoc with widespread impact and ultimately compromising a wide range of systems to exploit vulnerabilities and propagate malicious software,” Zscaler explained.
Best Practices to Mitigate Threats
The report provided several strategies to secure IoT and OT systems, including:
-
Visibility: Continuously monitor IoT devices, including unmanaged devices, for comprehensive network awareness.
-
Credential protection: Use multi-factor authentication (MFA) to secure accounts and prevent unauthorized access.
-
Employee training: Educate staff about IoT device risks and establish protocols for reporting new devices.
-
Zero-trust architecture: Enforce least-privileged access, segment networks and scrutinize traffic from unsanctioned devices.
Read more on IoT security: Half of IT Leaders Identify IoT as Security Weak Point
“As we move forward, it’s vital to remain vigilant and proactive in implementing security measures to ensure a safe and secure interconnected digital world,” Zscaler concluded.