Smart refrigerators, printers, POS: attack vehicle

0
Smart refrigerators, printers, POS: attack vehicle

L ‘The Internet of things It is not secure, but it can easily become a target and a means of cyber attacks. The warning is certainly not new, because the rise in risks related to the Internet of Things has been talked about for some time, but today is a study on Zscaler (“IoT in the Enterprise: Empty Office Edition”) backs this up with troubling facts and figures. In just two weeks, between December 15 and December 31, 2020, the Zscaler platform processed 575 million transactions on corporate physical networks, and detected about 300,000 attempts at malware-based attacks for the Internet of Things, exploits, command-control and communications. The number represents a 700% more than pre-pandemic statsThere is a reason: the attacks were targeted 553 different types of devices, Including printers, digital signage solutions and smart TVs, all connected and communicated with companies’ IT networks while many employees were working remotely during the lockdowns.

So empty offices have not deterred cybercriminals from targeting companies’ IT assets and data – far from it. “For more than a year, most corporate offices were mostly unused, as employees continued to work remotely during the COVID-19 pandemic.‘ commented Deepen Desi, Information Security Officer de Zscaler. “However, our service teams found that despite the understaffing in the office, Corporate networks were still bustling with IoT activity. The size and variety of IoT devices connected to corporate networks is large and includes different types of devices, from music lights to IP cameras. Our team found that 76% of these devices still communicate over unencrypted plaintext channels, which means that most IoT transactions pose a significant risk to businesses.“.

See also  Fans were outraged by Carrie Underwood, the 2020 Thomas Rhett Award winner at the 2020 ACM Awards

IoT devices most at risk

Of more than half a billion transactions on IoT devices, Zscaler’s ThreatLabz team identified 553 different devices from 212 manufacturers, with clear dominance in three product categories: decoding (29% of the total), Smart TV (20%) e smart watch (15th%). However, the risks are concentrated on the devices that businesses use, while IoT objects used for entertainment (smart speakers, smart TVs) and for home automation log fewer traffic.

In particular, 59% of the traffic detected in the two weeks came from IoT devices used in the manufacturing and retail sectors: 3D printers, geolocation systems and automotive multimedia systems, data collection stations such as barcode readers NS Payment terminals. Corporate devices came in second with 28% of traffic, followed by healthcare devices with around 8% of traffic. Researchers also discovered, unexpectedly, that devices such as smart refrigerators NS Musical lights They connect to the cloud and send traffic through corporate networks.

The most famous malware for the Internet of things and its targets
Malware families javjit NS mirai The two families were the most discovered by ThreatLabz, so much so that they account for 97% of the 900 unique payloads. This is malware that hijacks IoT devices to create botnets – networks of controlled objects and use them to spread other malware, perform DDoS attacks, or send spam.

In December 2020, the countries most targeted for IoT attacks wereIreland (48%), the United States (32%), and China (14%). Where did the attackers work? Mainly from three countries, namely China (56% of malicious IoT traffic was routed), the United States (19%), and India (14%).

See also  Lukewarm employment growth sparked a debate about incentives - La Voce di New York

How to defend yourself from the dangers associated with the Internet of Things? Zscaler recommends having full view On network devices, from Change default passwords from hardware, from Update software and install patches Regularly, and finally to apply strict policies to get‘Don’t trust’ security architecture.

Leave a Reply

Your email address will not be published. Required fields are marked *