It happened overnight for many enterprises. Bustling offices turned into desolate spaces--abandoning plants to die, snacks to go stale, and calendars to remain frozen in time. And like out of a movie, amidst the eerie quiet there was something still alive and buzzing with activity.
Neglected in the buildings, set top boxes, digital signage, networked printers, and many other IoT devices were still connected to the network. As if nothing had changed, the devices continued to refresh data, perform functions, and await commands. But unlike the other forsaken objects on the shelves, IoT devices drew an inordinate amount of attention. Threat actors quickly identified the devices as attack opportunities, resulting a staggering 833 IoT malware blocked every hour by the Zscaler cloud.
In our latest research report, IoT in the Enterprise: Empty Office Edition, the Zscaler ThreatLabz threat research team takes a closer look at this activity to answer an important question:
What happens when employees abandon their smart devices at work?
Using data collected between December 14 and December 31, 2020, when most non-essential business offices were shut down, we completed two studies: an IoT device fingerprinting study that identified IoT devices and traffic and an IoT malware study based on data from the Zscaler cloud. The result—an eye-opening deep dive into both sanctioned and unsanctioned IoT devices and IoT malware attacks, showing tremendous growth in both.
- IoT malware on corporate networks has increased by 700 percent year-over-year, despite much of the global workforce working from home
- Entertainment and home automation devices posed the most risk due to their variety, low percentage of encrypted communication, and connections to suspicious destinations
- 76% of IoT communications occur on unencrypted plain text channels
- Gafgyt and Mirai—malware families popularly used in botnets—accounted for 97 percent of the IoT malware payloads blocked by the Zscaler cloud
- Technology, manufacturing, retail & wholesale, and healthcare industries accounted for 98 percent of IoT attack victims
- Most attacks originated in China, the United States, and India
- Most targets for IoT attacks were in Ireland, the United States, and China
Security Takeaways as Office Life Returns
While some companies are beginning to phase employees back into corporate office spaces, the pandemic lessons of unprotected or improperly protected IoT devices remains unchanged at best. Today, the ever-growing breadth of IoT devices making its way onto corporate networks includes everything from smart watches and IP cameras to automobiles and musical furniture. As we’ve documented in our findings, these new categories of IoT are often completely off the radar for IT teams. At the same time, we’re witnessing these new attack vectors breed ingenuity among threat actors and hasten the need for organizations to employ zero trust policies and architectures.
For many, IoT security and policy are still immature. The good news though is that now we have the data to understand these dangers, and a set of best practices that organizations of all sizes can implement to improve their IoT security posture.
Download your copy of our latest report and get the full details of today’s IoT threats, including the most common devices, traffic patterns, countries devices route to, most targeted industries, and more to help you protect your corporate network.