400% increase in IoT and malware attacks detected by Zscaler ThreatLabz


Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report reveals that the manufacturing and education sectors are most frequently targeted

Education sector reports a perceived nearly 1000% increase in IoT and malware attacks

Key findings:

  • The manufacturing sector, which relies heavily on the use of IoT and OT, was the most frequently targeted. Consequently, this sector saw the most IoT malware attacks blocked, accounting for 54.5% of all attacks with an average of 6,000 weekly attacks.
  • The education sector saw the largest increase in IoT malware attacks, reaching 961%.
  • The countries most frequently targeted were Mexico and the United States. Together, they accounted for 69.3% of all attacks.
  • IoT botnet activity, a growing problem for OT, continues to dominate, with the Mirai and Gafgyt malware families responsible for 66% of attack payloads.

Amsterdam, 25 oktober 2023 - Zscaler, Cloud security leader presents the findings of its Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report. The report provides insight into malware activity over a six-month period. The ThreatLabz team analysed around 300,000 blocked attacks on IoT devices protected by the Zscaler Zero Trust Exchange platform. Compared to last year, the number of attacks on IoT devices increased by 400%. The increased frequency of malware attacks targeting IoT devices is a major concern for OT security, as the mobility of malware can facilitate movement across networks, potentially compromising critical OT infrastructure.

ThreatLabz focuses on understanding IoT device activity and characteristics through device fingerprinting and analysing the IoT malware threat landscape. As more industries, organisations and individuals rely on devices connected to the internet, the threat of malware and legacy vulnerabilities is growing. By adopting a zero trust architecture, organisations can gain visibility into IoT device traffic and minimise IoT security risks.

"Weak enforcement of security standards for IoT device vendors combined with the persistence of shadow IoT poses a huge threat to organisations. Cybercriminals often target unmanaged and unpatched devices to gain access to the environment," said Deepen Desai, Global CISO and Head of Security Research at Zscaler. "To address these challenges, I encourage organisations to implement zero trust principles for securing IoT and OT devices. Never trust, always verify and expect an intrusion. Organisations can eliminate the risk of lateral movement by using continuous detection and monitoring processes to segment these devices."

Consistent growth in number of attacks
With the steady adoption of IoT and personal connected devices, Zscaler sees an increase of over 400% in IoT malware attacks year-on-year. The growth in the number of cyber threats shows that cybercriminals are persistent and can adapt to changing circumstances when launching IoT malware attacks.

Moreover, this research shows that cybercriminals often target older vulnerabilities, with 34 of the 39 most popular IoT exploits specifically targeting vulnerabilities that have been around for more than three years. The Mirai and Gafgyt malware families still account for 66% of payloads. They create botnets of infected IoT devices that are then used to launch denial-of-service (DDoS) attacks against lucrative businesses. Botnet-driven distributed DDoS attacks are responsible for billions of dollars in financial losses in a variety of industries around the world. Moreover, DDoS attacks pose a risk to OT as they potentially disrupt critical industrial processes and even endanger human lives.

Manufacturing sector most affected - education is taught a lesson
The manufacturing and retail sectors accounted for nearly 52% of IoT device traffic, with 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals and payment terminals sending the majority of signals over digital networks. However, the amount of device traffic has also created opportunities for cybercriminals and the manufacturing sector now sees an average of 6,000 IoT malware attacks every week.

In the process, these IoT malware attacks can disrupt critical OT processes. This creates long-term challenges for security teams at manufacturing companies, but also shows that industrial IoT has a big lead in adopting unique IoT devices (almost three times more than in other industries). This increase is significant as manufacturing organisations continue to adopt IoT tools to automate and digitise their existing infrastructure.

Education is another sector that suffered from high attention from cybercriminals in 2023, with the proliferation of both unsecured and shadow IoT devices within school networks offering attackers easier access points. The wealth of personal data stored on their networks has made educational institutions particularly attractive targets, leaving students and governments vulnerable. In fact, the report shows that IoT malware attacks in the education sector have increased by almost 1000%.

United States and Mexico most frequently attacked
The findings further show that the United States is a top target for IoT malware creators, with 96% of all IoT malware being spread from compromised IoT devices in the United States.

Mexico faced the most infections in 2023, with 46% of all IoT malware infections. Indeed, three of the four most infected countries in 2023 (Mexico, Brazil and Colombia) are Latin American countries.

Protection against IoT/OT attacks with the Zscaler Zero Trust Exchange
The Zscaler Zero Trust Exchange platform is a holistic approach to zero trust security, verifying identity and context, applying access controls and enforcing policies before establishing a secure connection between a device and an application.

Zscaler protects enterprise networks using the Zero Trust Platform by leveraging Zscaler Internet Access (ZIA), whose identity-driven access and risk-based security protects the exchange of telemetry between IoT devices and enterprise networks.

Zscaler protects enterprise networks with the Zero Trust Exchange platform, which uses Zscaler Privileged Remote Access to provide remote employees and remote vendors with clientless remote desktop access to sensitive RDP, SSH and VNC production systems without the need to install a client on unmanaged devices or login to jumphosts and VPNs. This means that remote employees or third parties can access and maintain OT devices without compromising the security of the network or the critical infrastructure that powers it.

Download hier the full Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report. Zscaler ThreatLabz.

The research methodology for this report includes analysis of device logs from various sources and sectors between January and June 2023.

The report uses data from customer deployments connecting to Zscaler's global security cloud, which processes more than 500 trillion signals daily and blocks 9 billion threats and policy violations per day, with more than 250,000 daily security updates.


Expert reactions to first anniversary ChatGPT

Lawmakers from EU want to reduce tech dependency

New CEO of Binance discusses the future of the exchange

Cyberscams during the holidays: here's what you need to know

© Dutch Tech On Heels - 2023
Made with
Web Wings