Sam Fenwick

Nokia: IoT botnet activity up 33% since 2016

News

According to Nokia’s Threat Intelligence Report 2019, IoT (Internet of Things) botnet activity accounted for 78 per cent of malware detection events in communication service provider (CSP) networks in 2018. This is up from the 33 per cent seen in 2016, when IoT botnets were first seen in meaningful numbers.

A botnet is a system of computers that can be infected with malicious software and controlled by a single computer for doing things like stealing bank account information and shuttering web sites. The report is based on data aggregated from monitoring network traffic this year on more than 150 million devices globally where Nokia's NetGuard Endpoint Security product is deployed. In 2018, IoT bots made up 16 per cent of infected devices in CSP networks, up from the 3.5 per cent observed in 2017. In the same year, the average monthly infection rate in mobile networks was 0.31 per cent. According to the report’s findings, among smartphones, Android devices are the most commonly targeted by malware. In mobile networks, Android devices were responsible for 47.15 per cent of observed malware infections, Windows/PCs for 35.82 per cent and iPhones for less than one per cent.

The report also found that malware-infected crypto-coin mining is expanding from high-end servers with specialised processors to IoT devices as well as smartphones and web browsers. Crypto-coin mining is generally the process by which crypto currency transactions are verified and added to blockchain technology systems.

It also attributes some of the rise in IoT device malware infection rates to the fact that attacks on mobile and fixed networks in 2018 decreased from previous years. It views this a result not only of cyber criminals looking further afield for softer targets, like IoT devices, but of better-protected networks, platforms and mobile devices that are designed and built with security in mind.

"Cyber criminals are switching gears from the traditional computer and smartphone ecosystems and now targeting the growing number of vulnerable IoT devices that are being deployed. You have thousands of IoT device manufacturers wanting to move product fast to market and, unfortunately, security is often an afterthought," said Kevin McNamee, director of Nokia's Threat Intelligence Lab and lead author of the report.

"Cyber criminals have increasingly smart tools to scan for and to quickly exploit vulnerable devices, and they have new tools for spreading their malware and bypassing firewalls. If a vulnerable device is deployed on the internet, it will be exploited in a matter of minutes," McNamee added.

The report can be downloaded here

For more on cyber security, see Kate O'Flaherty's recent article on this topic

Cyber security
IoT
Nokia