• IoT botnet activity represented 78% of malware detection events in communication service provider networks in 2018, more than double the rate seen in 2016, when IoT bot activity was first seen in meaningful numbers

• IoT bots now make up 16% of infected devices in CSP networks, up significantly from 3.5% a year ago

• Malware threats against IoT devices could get worse as consumer adoption of such devices accelerate in the years ahead as 5G capabilities - including extreme broadband, ultra-low latency connectivity, and massive networking - advance

4 December 2018

Espoo, Finland - The use of malicious software to attack IoT devices like smart home security monitoring systems is rising substantially and growing more sophisticated as cyber criminals take advantage of lax security, Nokia's Threat Intelligence Report 2019 warned on Tuesday.

Driven by financial and other nefarious purposes, IoT botnet activity accounted for 78% of malware detection events in communication service provider (CSP) networks in 2018, according to the report, which is based on data aggregated from monitoring network traffic this year on more than 150 million devices globally where Nokia's NetGuard Endpoint Security product is deployed.

That is up sharply from 33% in 2016, when IoT botnets were first seen in meaningful numbers. A botnet is a system of computers that can be infected with malicious software and controlled by a single computer for doing things like stealing bank account information and shuttering web sites.

"Cyber criminals are switching gears from the traditional computer and smartphone ecosystems and now targeting the growing number of vulnerable IoT devices that are being deployed. You have thousands of IoT device manufacturers wanting to move product fast to market and, unfortunately, security is often an afterthought," said Kevin McNamee, director of Nokia's Threat Intelligence Lab and lead author of the report. In 2018, IoT bots made up 16% of infected devices in CSP networks, up significantly from the 3.5% observed in 2017.

As an indicator of the rising threat, the report found that malware-infected crypto-coin mining is expanding from high-end servers with specialized processors to IoT devices as well as smartphones and web browsers. Crypto-coin mining is generally the process by which crypto currency transactions are verified and added to blockchain technology systems.

Industry analysts widely expect IoT device adoption to accelerate with 5G. The high bandwidth, large-scale and ultra-low latency capabilities of 5G greatly facilitate connecting billions of things to the internet, including smart home security monitoring systems, vehicles, drones and medical devices.

But, as the Threat Intelligence report's findings underscore, lagging security protection of many current IoT devices and increasing technical sophistication are giving cyber criminals broader scope for successfully launching IoT device attacks.

"Cyber criminals have increasingly smart tools to scan for and to quickly exploit vulnerable devices, and they have new tools for spreading their malware and bypassing firewalls. If a vulnerable device is deployed on the internet, it will be exploited in a matter of minutes," McNamee said.

Also explaining some of the rise in IoT device malware infection rates is the fact that attacks on mobile and fixed networks in 2018 decreased from previous years. This is a result not only of cyber criminals looking further afield for softer targets, like IoT devices, but of better-protected networks, platforms and mobile devices that are designed and built with security in mind.

The Nokia NetGuard security suite provides protection against a wide variety of bots and malware. The suite aggregates, analyses and correlates security data from a variety of sources, including endpoint detection software, to help security teams control risks and costs and to improve decision making.

The NetGuard Endpoint Security software includes an IoT behavioral anomaly detection component that is capable of constantly tracking devices against security threats. The individual traffic profiles of any device, including an IoT device, are machine-learned automatically by the Endpoint system; any anomalies detected triggers immediate trouble-shooting against threats.