India among the top 3 countries with most IoT malware: Microsoft report
India witnessed the third highest internet of things (IoT) malware infections in 2022 after China and the US, according to Microsoft's Cyber Signals Report released on Wednesday, which sheds light on IoT and Operational Technology (OT) threats.
Microsoft researchers noted that organisations and individuals need to rethink cyber risk impact, keeping in mind the growing proliferation of OT devices, be it in building management systems, fire control systems, or physical access control mechanisms such as doors and elevators.
“As OT systems underpinning energy, transportation, and other infrastructures become increasingly connected to IT systems, the risk of disruption and damage grows as boundaries blur between these formerly separated worlds,” said Vasu Jakkal, corporate vice president, security, compliance, identity, and management at Microsoft.
The study noted a spike in threats across traditional IT equipment, OT controllers and IoT devices like routers and cameras, fuelled by the interconnectivity many organisations have adopted in recent years. China accounts for 30% of outbound malware infection attempts, followed by the US (19%) and India (10%), the study showed. Korea, Taiwan, Russia, Pakistan and Israel are the other top countries originating IoT malware, as per the report.
According to the study, over the past year, there have been threats exploiting devices in almost every part of an organisation. Moreover, advanced attackers are leveraging multiple tactics and approaches in OT environments. Many of these approaches are common in IT environments but are more effective in OT environments, such as discovery of exposed, Internet-facing systems, abuse of employee login credentials, or exploitation of network access granted to third-party suppliers and contractors, the study showed.
Modern threats like sophisticated malware, targeted attacks, and malicious insiders are difficult for traditional security measures to contain.
Moreover, older operating systems often don’t get the updates required to keep networks secure. Therefore, prioritising IT, OT, and IoT device visibility is an important first step for managing vulnerabilities and securing these environments.
Across the customer networks Microsoft monitors, 29% of Windows operating systems have versions that are no longer supported. Versions such as Windows XP and Windows 2000 are still operating in vulnerable environments.
Microsoft also observed over 1 million connected devices publicly visible on the Internet running Boa, outdated and unsupported software still widely used in IoT devices and software development kits (SDKs).
A June 2022 report by IT consulting firm Capgemini said that 84% of Indian security experts were unable to respond effectively to cyberattacks in their smart factories and manufacturing locations. In fact, more than half acknowledged that the number of cyberattacks will likely increase over the next 12 months.
“OT systems have traditionally worked in complete isolation from the enterprise network and traffic. The transition from isolated industrial control systems to a fully converged environment allows any existing cyber threats in the IT environment to move laterally into the OT environment if the convergence is not designed and implemented properly, posing major risks for smart manufacturing companies,” Clifton Menezes, executive vice president, India Head, Group Portfolio at Capgemini, told TechCircle in an interview.
The International Data Corporation (IDC) estimates there will be 41.6 billion connected IoT devices by 2025, a growth rate higher than traditional IT equipment. Although security of IT equipment has strengthened in recent years, the Microsoft report warned that IoT and OT device security has not kept pace, putting organisations at particularly high risk.