Menu

IoT FEATURE NEWS

Better Security is Required: IoT Malware Attacks Hit a 400% Increase

By

They say “Write what you know.” That becomes applicable for diverse trades of writers; no matter the topic, a strong knowledge base usually lends a strong output, content-wise.

For me, though I also cover Smart City Sentinel, Future of Work News and other sister sites of ours, the Internet of Things (IoT), the Industrial Internet of Things (IIoT), as well as the Artificial Intelligence of Things (AIoT), as of late – advances in these industries have been extremely significant, and it has become a key part of my knowledge base. (I suspect it’ll stay that way, too; IoT devices are proliferating immensely, and so too will the news coverage about the latest “of Things” innovations.)

So, let’s discuss that proliferation – specifically, how the risk of IoT-specific malware is also increasing dramatically, in turn.

According to Statista, the number of IoT cyber attacks worldwide amounted to over 112 million last year. That’s a crazy figure, given it was around 32 million back in 2018. In five years, attacks have skyrocketed.

Another big name researching the IoT malware landscape is Zscaler. Earlier today, the 
Zscaler ThreatLabz 2023 IoT and OT Threat Report” and its findings were released. It provides an in-depth study of IoT malware activity that spanned a six-month period and analyzed approximately 300,000 blocked attacks on IoT devices – notably, securely blocked the Zscaler Zero Trust Exchange platform.

This number of attacks, albeit blocked, represents a bewildering 400% increase in malware compared to 2022. We’re not talking about “back in 2018” anymore. This is, without a doubt, a highly important concern for security on both physical and digital levels, as the mobility of IoT malware can, in Zscaler’s words, “facilitate movement across different networks, potentially endangering critical OT infrastructure entirely.”

In its report, ThreatLabz focused on the consistent growth in attacks, the top sectors that are being targeted (and which countries, as well), and more about the double-edged sword that has become our reliance on everything IoT.

Below, I’ve condensed Zscaler’s top takeaways and the data therein:

Legacy vulnerabilities are prime targets for botnet-driven DDoS attacks. Cybercriminals are actively targeting legacy vulnerabilities, with 34 of the 39 most-used IoT exploits specifically being directed at vulnerabilities which have existed for at least three years. As Zscaler has reported, “The Mirai and Gafgyt malware families continue to account for 66% of attack payloads, creating botnets from infected legacy IoT devices that are then used to launch DDoS attacks, especially against lucrative businesses.” Botnet-driven distributed DDoS attacks are responsible for billions of dollars in financial losses across industries around the globe.

Manufacturing and education are at the heart of IoT malware attacks. The former currently accounts for 54.5% of total IoT device traffic; 3D printers, data collection terminals, geolocation trackers, industrial sensors, payment terminals, and even automotive multimedia systems send the majority of signals over our digital networks. This attracted cybercriminal attention, and now the sector sees an average of 6,000 IoT/OT malware attacks per week. Per Zscaler, “Substantial IoT malware attacks can disrupt critical OT processes, which are integral in many industrial manufacturing plants like automotive, heavy manufacturing, and plastic and rubber.” This creates can’t-ignore, long-term safety and operational challenges for teams to handle.

Moreover, education has suffered from outsized criminal attention, “with the propagation of unsecured as well as shadow IoT devices within school networks providing attackers with easier access points.” There is a bona fide wealth of personal data stored on educational institutions’ networks, which is why this sector’s attack rates increased by nearly – and I’m lamenting having to type this many zeros here – 1,000%. (Technically, it’s 961%, but the fact that it’s even that close a thousand demands attention.)

In short, regardless of sector, the right IoT protections are sorely needed.

  • The U.S. and Mexico are targeted most frequently. Zscaler’s findings show that 69.3% of all IoT malware infected compromised devices in the U.S. and Mexico.
    (Note: Three of the top four countries most plagued by this are Latin American countries.) Global IoT protections, again, are very sorely needed, but the U.S. and Mexico need IoT security the most, according to the report.

“Weak enforcement of security standards for IoT device manufacturers – coupled with the proliferation of shadow IoT devices at the enterprise level – poses a significant threat to global organizations,” said Deepen Desai, Global CISO and Head of Security Research, Zscaler. “Often, threat actors target ‘unmanaged and unpatched’ devices to gain initial footholds into the environment. To address these challenges, I encourage organizations to enforce zero trust principles when securing IoT and OT devices. Never trust, always verify, and assume breach. Organizations can eliminate lateral movement risk by utilizing continuous discovery and monitoring processes to segment these devices.”

The moral of this long-story-short summary of Zscaler’s data?

We can’t stress it enough: Securing everything IoT against malware attacks should take a top priority for organizations, and Zscaler underscores the need for better zero trust architecture to protect critical infrastructure.

So while I hope to continue “writing what I know” as far as IoT goes, readers, I also hope that these attack numbers are slowed. In the modern era, this must be taken seriously.




Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Your Secret Weapon for Enhanced Liability Defense

By: Contributing Writer    6/23/2026

Running a business has its benefits. It can free you from a traditional 9-5 structure. However, it also introduces new layers of risk-especially in a …

Read More

The Digital Supply Chain: Resilience, Visibility, and the End of Flying Blind

By: Carl Ford    5/26/2026

Digital supply chain transformation is helping enterprises replace fragile, efficiency-only models with resilient, real-time operations powered by end…

Read More

The CIO Reimagined: From IT Keeper to Digital Business Leader

By: Carl Ford    5/26/2026

The modern CIO is evolving from an IT operations leader into a strategic digital business executive, responsible for driving AI governance, cloud stra…

Read More

Industrial IoT and the Rise of Smart Level Monitoring

By: Contributing Writer    5/18/2026

Industrial operations are becoming increasingly data-driven. From manufacturing plants and oil terminals to water treatment facilities and agricultura…

Read More

How Does Anthropic's Mythos Foretell the Post Quantum Nightmare?

By: Carl Ford    5/14/2026

AI security tools like Anthropic's Mythos are exposing hundreds of exploitable flaws in legacy software stacks, underscoring the urgent need for bette…

Read More