Security attacks on IoT devices increased by 107% in the first five months of 2024, compared with the same period last year, as the average number of hours affected devices are under attack also increased, according to the 2024 SonicWall Mid-Year Cyber Threat Report from cybersecurity technology vendor SonicWall.
“This rise underscores that attackers are more frequently targeting IoT devices, likely due to the fact that IoT devices tend to be easier targets,” the report stated. “These devices often lack robust security measures, while simultaneously the attack surfaces of mainstream systems such as Microsoft Windows, continue to be hardened.”
The SonicWall Capture Threat network of devices, which draws data from more than 1 million security sensors deployed worldwide also found that hours-under-attack for affected IoT devices averaged 52.8 hours per week, longer than the typical 40-hour work week for some of the businesses being affected.
“One of the biggest factors in this dramatic increase is CVE-2023-1389, which is a TP-Link command injection vulnerability,” a SonicWall blog post stated. “This vulnerability has impacted 21% of SMBs by itself. Combine that with other IoT attacks and the meteoric rise begins to make sense.”
The report also stated that total global malware volume rose 30% in the first half of 2024, with a 92% increase in May alone. Research also found that about 15% of all malware now uses software packing as its MITRE TTP attack method, which is particularly vexing for anti-virus software, as it is a process for encrypting and compressing malicious code and combining it with other executable software.
Overall, encrypted threats were up about 92% since the same period last year, which SonicWall suggested is an indication that more attackers have started using AI tools in their attacks.
In addition, SonicWall identified 78,923 “never-before-seen” malware variants, or about 526 new variants per day for the five-month study period.
Ransomware is trending up, having increased more than 15% year-over-year in North America and more than 51% in Latin America, though globally ransomware growth appeared more moderate due to a 49% decline in the EMEA region, the report stated.