IoT malware attacks worldwide surge by 66% to over 50 million in 2020
March 2021 by Atlas VPN
From wearables and baby monitors to defibrillators and industrial robots — Internet of Things (IoT) devices are slowly taking over our lives both in personal and business settings. However, so are cyber threats related to these devices.
According to the data presented by the Atlas VPN team, based on the Global Cyberattack Trends report by SonicWall, in 2020, malware attacks on IoT devices spiked by 66% compared to 2019. In a year, they grew from 34.3 million cases to nearly 56.9 million.
The attacks reached their peak in October when they hit 10.8 million cases — more than in the entire year of 2017. Out of all the industries, the education sector was hit the hardest. It experienced an average of 71 IoT malware attempts a month.
The majority of other cyberattack types also experienced an increase last year. Ransomware jumped by 62%, from 187.9 million cases in 2019 to 304.6 million in 2020.
Meanwhile, cryptojacking attacks grew 28% year-over-year, from 64.1 million cases in 2019 to 81.9 million last year. Cryptojacking occurs when criminals hack into personal or business computers to install software for mining cryptocurrency.
The number of intrusion attempts rose by a fifth (20%) from 3,990,000 million (3.99 trillion) to 4,800,000 million (4.8 trillion) in 2020. Intrusion attempts are events when cybercriminals try to gain unauthorized access to a system or a certain resource.
At the same time, encrypted threats climbed by 4% to 3.8 million last year. Encrypted threats refer to cases when criminals take advantage of encryption protocols to hide their attacks. Encryption protocols, such as TLS or SSL, are typically used to create an encrypted tunnel for securing data over the internet connection.
While other forms of cybercrime were booming, general malware experienced a significant drop of 43%. It went down from 9,900 million (9.9 billion) attacks in 2019 to 5,600 million (5.6 billion) in 2020.
North America saw a 152% spike in IoT malware attacks
An increase in IoT malware attacks was seen across all global regions last year. However, some regions were more affected than others.
Out of all the regions, North America saw the biggest soar in IoT malware cases in 2020. In a year, IoT malware attacks leaped by an alarming 152%.
Europe occupies the second spot in the list. In 2020, malware attacks on IoT devices there rose by 48% compared to the year before.
Next up is Asia. Last year the region recorded an 18% increase in IoT malware cases year-over-year.
Finally, Africa, Australia, and South America saw the smallest increase in IoT malware cases — they went up by 17%.
The increase in IoT malware attacks is not entirely unforeseen. By 2020, IoT technology was estimated to be in 95% of electronics for new product designs. Naturally, as the number of devices with IoT technology is growing, so are the cyber threats.
Shift to remote work was another factor behind the surge in IoT malware attacks last year. As workers started accessing their company systems via home networks that are often connected to multiple unsecured home devices, the latter became an attractive target to cybercriminals. All of a sudden, they could use vulnerable IoT devices to access company networks.
Tips to secure your IoT devices
While some legislations concerning IoT security regulation, such as the California Internet of Things Security Law, have already been enforced, at the moment, there is no global security standard for IoT devices. It means that it is up to each company to decide how secure their devices should be.
In fact, according to the Unit 42 research, 98% of all IoT traffic is unencrypted, while 57% of IoT devices are vulnerable to medium or high-severity attacks.
However, we as consumers can take matters into our own hands to make our IoT and smart home devices safer. Here are five tips to help you protect your IoT devices from outside threats:
Secure your WiFi. There are many things you can do to make your WiFi network safer. For starters, change the password and the default name of your WiFi. The latter is oftentimes named after its manufacturer or the network you are using, which makes it possible for criminals to find or guess the default login credentials for your router. Also, make sure you are using the strongest level of encryption possible.
Set up a guest network for IoT devices. Many routers support the possibility of creating a secondary WiFi network alongside your main one. Thus even if criminals manage to hack into one of your IoT devices, they cannot get to your family computers and smartphones, as they are connected to a separate network than your IoT ones.
Disable features you do not need. Bluetooth, voice control, location tracking, remote access are just some of the many features your smart devices may have. Make sure to disable any features that you do not use, as it will help lessen the potential entry points for hackers.
Use strong and unique passwords. If some of your IoT devices require credentials to sign in, make sure to create strong and unique passwords containing both lower and upper case letters, numbers, and symbols for each of them. This way, even if one of your IoT devices gets hacked into, criminals will not be able to access your other devices with the same login details.
Keep your software up to date. Always update software to its latest version as soon as it is available. The latest software may contain security patches, which will make it harder for hackers to exploit system vulnerabilities.