Zscaler specialists have published the results of an analysis of the state of IoT devices left in corporate networks during the transition to remote operation after the outbreak of the coronavirus infection (COVID-19) pandemic.

The study analyzed more than 575 million data transfers of IoT devices and 300 thousand attacks recorded between December 14 and December 31, 2020. Compared to data obtained before the pandemic, the number of attacks increased by 700%. The attacks targeted 553 different types of devices, including printers, digital signage and smart TVs connected to corporate IT networks, while many employees switched to remote operation.

According to experts, 76% of IoT devices still communicate over unencrypted channels in clear text, posing a great business risk.

Of the more than half a billion data transfers of IoT devices, 553 different devices were identified from 212 manufacturers, 29% of which were set-top boxes, 20% were smart TVs and 15% were smartwatches. The home entertainment and automation category had the most unique devices, but they accounted for the fewest data transfers compared to manufacturing, corporate, and medical devices.

Most of the data traffic (59%) came from devices in the manufacturing and retail industries, including 3D printers, geolocation trackers, car multimedia systems, and data collection terminals (barcode readers and payment terminals). In second place were corporate devices, accounting for 28% of data transfers, followed by medical devices (8% of traffic).

Over the 15-day period, experts identified a total of 18,000 unique hosts and about 900 unique payload transfers. The most common infections were with the Gafgyt and Mirai malware families, accounting for 97% of the 900 payloads. These families allow their operators to take control of devices to create botnets.

The most frequently attacked IoT devices were in Ireland (48%), the USA (32%) and China (14%).
Ticket machines of the British state-owned railway company Northern Trains were disabled in an alleged cyber-attack using ransomware.

As reported by the Reuters news agency, only the servers associated with the ticket machines were damaged as a result of the incident.

"We are currently investigating with our vendor, but there are indications that the devices have been cyberattacked using ransomware," the company said in a statement.

Northern Trains representatives assured that no customer or payment data was compromised.

For more information about: mcse certification