An alarming 400% surge in IoT malware attacks have occurred since 2022, a study released earlier this week asserted. The Zscaler report highlighted the manufacturing sector as most at risk and called for urgent reassessment of cybersecurity protocols.
This surge comes at a time when IoT devices are becoming more embedded in industrial and enterprise environments, with smart factories and industry 4.0. promising to be one of IoT’s first major implementation. The manufacturing industry is particularly affected, experiencing a 961% increase in attacks, and businesses in Mexico and the US are the most targeted.
The report asserts the main vulnerabilities lie In cybercriminals exploiting legacy vulnerabilities, with the majority of popular exploits targeting flaws over three years old. These older ‘legacy devices’ often lack the security measures of their modern counterparts, and have been identified as a critical weakness, making them easy targets for cyberattacks. This is compounded by a general lack of updates and patches for such devices, leaving them susceptible to exploitation.
A Nokia Threat Intelligence Report 2023 previously shed light on the challenges presented by these legacy devices, citing a fivefold increase in IoT-based attacks. This report, backed by data from 50 CSPs, further underscores the urgency for robust 5G network security measures.
In response to this, ZScaler reignited calls to adopt a zero trust architecture to improve device visibility and combat the escalating threat to operational technology security. Calls for zero trust around IoT security have become a growing concept as a way to tackle this growing problem.
These efforts to coordinate and agree on security protocols are becoming increasingly important as IoT devices now account for a substantial portion of DDoS traffic, with botnets exploiting default credentials to access devices.
Panasonic’s innovative response to the escalating threat landscape is the deployment of ‘honeypot’ devices. These traps aim to entice and engage attackers, allowing Panasonic to gather crucial data on attack methodologies and subsequently fortify their defences. This five-year project is part of a strategic move to bolster IoT defences and patch vulnerabilities and develop countermeasures.
Panasonic’s efforts, including their Threim system, demonstrate an industry shift towards in-built malware detection and defence capabilities, emphasising the role of manufacturers in product security strategy.
This idea of built in malware defence is becoming increasingly important as governments and regulatory bodies recognise the challenge and respond with IoT security legislation, like the US Cyber Trust Mark, which will reward manufacturers meeting stringent security requirements for their IoT devices. This intervention is essential in establishing cybersecurity standards for IoT devices and networks, encouraging secure design practices, and enforcing penalties for non-compliance.
This collaborative stance defining what makes a device or network secure is one the industry has yet to come to a consensus on, but reports like this highlight the significant security challenges faced when there is none.