Zscaler Report Surfaces Spike in IoT Cyberattacks
2023-10-25 19:17:8 Author: securityboulevard.com

An analysis of device logs published today by Zscaler found that, in the first six months of this year, there has been a 400% increase in blocked malware attacks targeting internet-of-things (IoT) environments, with Mirai and Gafgyt malware families accounting for 66% of the payloads delivered.

In total, Zscaler identified more than 350 unique malware attack payloads, with 34 of the 39 most widely used IoT exploits targeting vulnerabilities that have existed for more than three years and have patches available to remediate.

Nearly 75% of exploits involved authorized command injection vulnerabilities that cybercriminals often employ to download and execute scripts or malicious binaries, the report found. Approximately 62% of the vulnerabilities discovered were specific to routers.

Not surprisingly, the analysis also found manufacturing is the most targeted sector for these attacks, with, on average, 6,000 IoT malware attacks made weekly.

Overall, the ThreatLabz research team at Zscaler identified three trillion IoT device transactions generated by more than 850 unique device types. The majority of IoT transactions came from data collection terminals (51.9%), which are wireless barcode readers used in manufacturing, engineering, logistics and warehousing applications, followed by printers at 25% and digital signage media players at 11%.

However, the report also noted that IoT malware attacks in the education sector increased by 961%, but in terms of volume of IoT traffic, the retail sector generates the most.

On the plus side, close to 62% of all IoT transactions employed SSL/TLS channels to encrypt traffic, with 38% of transactions still occurring over unencrypted, plaintext channels.

Deepen Desai, global CISO and head of security research for Zscaler, said most IoT attacks attempt to compromise IoT endpoints to enable malware to spread laterally across a distributed computing environment. In fact, organizations still need to inspect encrypted traffic for hidden malware payloads, he noted.

Another challenge many organizations face is that many of these devices require the physical insertion of a USB drive to apply a patch, noted Desai. As a result, many IoT devices are running outdated software with known vulnerabilities that are easily exploited, he added.

In addition, the management consoles and virtual private networks (VPNs) that organizations rely on to remotely manage devices are subject to phishing attacks through which cybercriminals steal credentials. Once they gain access to IoT devices, they then inject malware into any IoT device that is centrally managed over a network, said Desai.

Organizations that have deployed IoT devices would be well-advised to first establish visibility into their IoT environments, apply multifactor authentication (MFA) and then work toward applying zero-trust principles to thwart attacks, he added.

It’s not always clear who is responsible for IoT security. Historically, many of these devices have been managed by operational technology (OT) professionals; as attacks increase in volume and sophistication, the need for more cybersecurity expertise to protect IoT devices has become evident. The issue, of course, is finding a way to protect an ever-increasing attack surface at a time when cybersecurity professionals with any IoT expertise are difficult both to find and to retain.

Source: https://securityboulevard.com/2023/10/zscaler-report-surfaces-spike-in-iot-cyberattacks/