Malware Exploiting IoT Devices on the Rise, SonicWall Warns

SonicWall has published its mid-year Cyber Threat Report for 2024. In the first half of the year, there was a significant increase in supply chain attacks, a rise in malware targeting Internet of Things (IoT) devices, and a heightened use of PowerShell by cybercriminals. The report, based on data collected during this period, provides a deeper understanding of current threats and industry trends.

One of the key changes was the introduction of a new threat measurement system, TICKS. Instead of counting each attack per firewall, as the previous HITS metric did, the new system measures the number of hours a firewall is subjected to malicious activity. This approach offers a more accurate picture and simplifies data analysis.

Business Email Compromise (BEC) attacks have surged significantly. According to SonicWall, for every ransomware attack, there are ten BEC incidents, with 70% of these attacks involving various social engineering techniques.

In the first half of 2024, attacks on IoT devices increased by 107%. On average, these devices were under attack for 52.8 hours. The primary reason for this vulnerability is the low level of security in IoT devices, making them easy targets for cybercriminals.

Eighty-three percent of alerts received from SonicWall’s managed services are related to cloud applications and compromised credentials. This confirms the continued growth of cloud services as targets for attacks in 2024 and beyond.

Supply chain attacks are becoming increasingly frequent and sophisticated. This year, serious security flaws have been identified, such as the JetBrains TeamCity authentication vulnerability, which allows attackers to gain full control over systems. Sixteen percent of SonicWall’s clients were attacked using this vulnerability, with most of those attacks occurring in March.

PowerShell, a powerful automation and integration tool for Windows operating systems, is also being exploited by cybercriminals. Over 90% of major malware families, such as AgentTesla and LokiBot, actively use PowerShell for their operations. Despite efforts to prevent such attacks, perpetrators continue to find new ways to bypass security measures.

A significant factor in the rise of these attacks is the CVE-2023-1389 vulnerability, related to command injection in TP-Link devices, which affected 21% of small and medium-sized enterprises. The SonicWall report underscores the importance of enhancing cybersecurity measures to protect against growing threats. Experts recommend focusing particularly on the security of IoT devices and improving supply chain protections.
