An alarming new report from Zscaler ThreatLabz has revealed a staggering 400% increase in Internet of Things (IoT) and Operational Technology (OT) malware attacks year-on-year (YoY), with the manufacturing sector being the primary target of such nefarious activities. According to the report, the manufacturing industry suffered 54.5% of all recorded attacks.

The researchers state, legacy vulnerabilities are high on cyber criminals’ agendas, with 34 out of the 39 most prevalent IoT exploits specifically aimed at weaknesses that have existed for more than three years. As more industries, organisations, and individuals increase their dependence on internet-connected devices, the propensity and risks of cyber attacks surge commensurately.

Manufacturing and retail accounted for nearly 52% of IoT device traffic, with 3D printers, geolocation trackers, industrial control devices, automotive multimedia systems, data collection terminals, and payment terminals sending the majority of signals over digital networks. However, the quantity of device traffic has created opportunities for cyber criminals, and the manufacturing sector now sees an average of 6,000 IoT malware attacks every week.

Moreover, these substantial IoT malware attacks can disrupt critical OT processes, which are integral in many industrial manufacturing plants such as automotive, heavy manufacturing, and plastic & rubber.

This creates long-term challenges for security teams at manufacturing businesses but also demonstrates that industrial IoT holds a substantial lead in adopting unique IoT devices (nearly three times more than other sectors). This increase is critical as manufacturing organisations continue adopting IoT tools for automation and digitisation of legacy infrastructure.

Education is another sector that suffered from outsized attention from cyber criminals in 2023, with the propagation of unsecured as well as shadow IoT devices within school networks providing attackers with easier access points.

The wealth of personal data stored on their networks has made educational institutions particularly attractive targets, leaving students and administrations vulnerable. In fact, the report found IoT malware attacks in the education sector increased by nearly 1000%.

Deepen Desai, Global CISO and Head of Security Research at Zscaler, emphasises the necessity for a robust approach to IoT and OT security, stating, "Weak enforcement of security standards for IoT device manufacturers coupled with the proliferation of shadow IoT devices at the enterprise level poses significant threats. More than ever, I urge organisations to uphold zero-trust principles, including continuous discovery and monitoring processes to segment these devices and diminish risk."

The research methodology for this report includes analysis of device logs from a multitude of sources and industry verticals between January and June 2023. The report uses data derived from customer deployments that connect to the Zscaler global security cloud, which processes more than 500 trillion daily signals and blocks 9 billion threats and policy violations per day, with over 250,000 daily security updates.