The use of malicious software to attack IoT devices like smart home security monitoring systems is rising substantially and growing more sophisticated as cyber criminals take advantage of lax security, Nokia’s Threat Intelligence Report 2019 warned on Tuesday.
Driven by financial and other nefarious purposes, IoT botnet activity accounted for 78 percent of malware detection events in communication service provider (CSP) networks in 2018, according to the report, which is based on data aggregated from monitoring network traffic this year on more than 150 million devices globally where Nokia’s NetGuard Endpoint Security product is deployed.
That has risen from 33 percent in 2016, when IoT botnets were first seen in meaningful numbers. A botnet is a system of computers that can be infected with malicious software and controlled by a single computer for doing things like stealing bank account information and shuttering web sites.
As an indicator of the rising threat, the report found that malware-infected crypto-coin mining is expanding from high-end servers with specialized processors to IoT devices as well as smartphones and web browsers. Crypto-coin mining is generally the process by which crypto currency transactions are verified and added to blockchain technology systems.
Industry analysts widely expect IoT device adoption to accelerate with 5G. The high bandwidth, large-scale and ultra-low latency capabilities of 5G greatly facilitate connecting billions of things to the internet, including smart home security monitoring systems, vehicles, drones and medical devices.
But, as the Threat Intelligence report’s findings underscore, lagging security protection of many current IoT devices and increasing technical sophistication are giving cyber criminals broader scope for successfully launching IoT device attacks.
“Cyber criminals are switching gears from the traditional computer and smartphone ecosystems and now targeting the growing number of vulnerable IoT devices that are being deployed. You have thousands of IoT device manufacturers wanting to move product fast to market and, unfortunately, security is often an afterthought,” said Kevin McNamee, director of Nokia’s Threat Intelligence Lab and lead author of the report. In 2018, IoT bots made up 16 percent of infected devices in CSP networks, up significantly from the 3.5 percent observed in 2017.
“Cyber criminals have increasingly smart tools to scan for and to quickly exploit vulnerable devices, and they have new tools for spreading their malware and bypassing firewalls. If a vulnerable device is deployed on the internet, it will be exploited in a matter of minutes,” McNamee said.
Also explaining some of the rise in IoT device malware infection rates is the fact that attacks on mobile and fixed networks in 2018 decreased from previous years. This is a result of cyber criminals looking further afield for softer targets such as IoT devices, as well as of better-protected networks, platforms and mobile devices that are designed and built with security in mind.
The Nokia NetGuard security suite provides protection against a wide variety of bots and malware. The suite aggregates, analyses and correlates security data from a variety of sources, including endpoint detection software, to help security teams control risks and costs and to improve decision making.
The NetGuard Endpoint Security software includes an IoT behavioral anomaly detection component that is capable of constantly tracking devices against security threats. The individual traffic profiles of any device, including an IoT device, are machine-learned automatically by the Endpoint system; any anomalies detected triggers immediate troubleshooting against threats.
With NetGuard Security Management, consumers can use Secure Network Auditing Platform to orchestrate identity access, configuration management and security compliance analytics. It delivers a complete security management solution that provides centralized configuration, monitoring and analysis for security functions in multi-vendor networks; network-wide attribute- and role-based identity management, access management, and single sign-on capabilities; auditing and analysis of all parameters in physical and virtual networks to preserve data integrity; and discovery and correction of discrepancies in inventory data.