IoT malware attacks saw a huge rise last year

IoT Devices
(Image credit: Shutterstock)

As the number of consumer-oriented Internet of Things (IoT) devices grows, so does the interest of cybercriminals, new research has found.

A report from Atlas VPN based on data published by cybersecurity firm SonicWall found that malware attacks against IoT devices grew by two-thirds (66%) between 2019 and 2020. Last year, the total number of attacks recorded hit 56.9 million, up from 34.3 million the year before.

Regional distribution of this malware is uneven, the report further says, arguing that North America saw significantly more attacks, compared to the rest of the world. The data shows IoT malware in North America leaping 152%, while in Europe, on the other hand, that jump has been relatively smaller - 48%. Asia saw an 18% rise in IoT malware year-on-year, while the remaining regions - Africa, Australia, and South America - 17%.

Rachel Welch, COO at Atlas VPN noted that consumers should protect their IoT devices in the same manner as they would protect their computers and smartphones: by regularly updating the software, setting up strong, unique passwords, and disabling any device features they don’t need, thus limiting potential entry points for criminals. 

“It is also advisable to set up a separate guest WiFi network for your IoT devices. Thus if hackers manage to compromise any of your smart devices, they will not be able to infect computers on your primary network,” Welch added.

Security warnings

Atlas VPN is not the first company to warn about poor IoT cybersecurity. Late last year, Forescout published a report revealing 33 new memory-corrupting vulnerabilities that affect millions of connected devices around the world. 

Back then, researchers had estimated that millions of devices, from more than 150 vendors, likely contained the vulnerabilities that could expose embedded devices to denial of service attacks, remote code execution, information leak, DNS cache poisoning, and even total takeover.

Patching, usually considered the best and fastest remedy, is often near impossible, given that many of the devices are built on open-source stacks that have been modified and republished throughout the years.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.