IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

IoT attacks have increased by 200% in two years

Audio-visual and home automation devices are most at risk, says Zscaler report

Graphic representation of IoT devices in businesses

Attacks on internet of things (IoT) devices have ramped up 700% in two years, according to a study from security company Zscaler. 

In its IoT in the Enterprise: Empty Office Edition report published today, the company revealed the characteristics of IoT devices that it fingerprinted across its network of protected assets. 

During the two-week study period last December, the company also analyzed traffic coming from these machines to assess how much of it was malicious and what it did. 

Zscaler blocked roughly 300,000 malware-related IoT transactions in those two weeks. This was a seven-fold increase in the malicious traffic it found during the 2019 study. 

The company also found 900 unique payload deliveries to 18,000 unique hosts. Almost all those unique payloads (97%) belonged to the Gafgyt (63.1%) and Mirai (34.1%) botnets. However, the frequency of attacks was inverted; Mirai payloads accounted for 76% of attacks while Gafgyt payloads made up just 5% of attacks. 

CCTVs and digital video recorders were among the units most likely to phone home to a botnet's command and control server. The report found devices in this category from over 70 vendors infected by malware. Routers were also commonly infected in the study. 

Related Resource

X-Force Threat Intelligence Index

Top security threats and recommendations for resilience

Transparent cube against a black background - whitepaper from IBMFree download

The report called out devices from Linksys and D-Link, the latter of which settled with the FTC in 2019 for allegedly failing to include adequate security measures in its IoT products

Even today, most IoT devices transmit data in the clear, with only 24% using encryption. While still unacceptably high, it's up from the 17% in the company's 2020 report. That’s also a threefold improvement on the 2019 study, which found only 8.5% of devices transmitting data in the clear. 

Encryption was unevenly distributed across verticals, with devices in the health care sector using SSL roughly half the time. Conversely, only 2.7% of enterprise devices used SSL to encrypt communications. 

Entertainment and home automation devices, including virtual assistants, represented the biggest attack risk, according to Zscaler. The report said that this risk stems from their relatively infrequent encryption use and tendency to phone home to suspicious destinations. It's also because there are so many of these devices. Of the 553 device types found, almost one in three found were set-top boxes. One in five were smart TVs. 

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Microsoft says it's provided over $100 million in tech support to Ukrainian government
cyber attacks

Microsoft says it's provided over $100 million in tech support to Ukrainian government

20 May 2022