Yesterday, Nokia released its threat intelligence report, which contained some interesting findings about Internet of Things (IoT) devices being recruited into botnets. The report states that IoT botnet activity represented 78% of malware detection events in communication service provider (CSP) networks in 2018, more than double the rate seen in 2016, when IoT bot activity was first seen in meaningful numbers. In addition, IoT bots now make up 16% of infected devices in CSP networks, up significantly from 3.5% a year ago.
Commenting on this, Yossi Naar, co-founder and chief visionary officer at Cybereason, said: “The problem with securing hundreds of billions of connected devices is that we must secure hundreds of billions of connected devices. That may seem obvious and slightly nonsensical, but it is the vast attack surface and the potential complexity of the IoT device security challenge that has us all concerned. Yet, and at odds with that potential complexity challenge, is the reality that we must make IoT security simple. Attackers can use IoT devices as routes of attack to move into computers, servers, and company systems, so being able to detect a threat’s movement across devices is key. It is also nearly impossible, without using AI, to make sense of all the metadata that is being created.
“Today, we see how cybercriminals can quickly build vast armies of attack bots and launch global security offensives. While the Mirai botnet in 2016 was the most infamous, as routers and IP cameras were taken hostage in the hundreds of thousands, many more IoT botnets have cropped up since then. That includes the Satori IoT malware in December 2017 that amassed a botnet of more than 100,000 routers. And, in July 2018, another attacker exploited a vulnerability to attack routers and build an 18,000-device botnet in a single day. In other cases, attackers strengthened existing botnets by conscripting IoT devices. The creators of the LizardStresser botnet infamously hijacked 1,300 Internet-enabled cameras to add to an existing network of infected machines.
“Organisations have tended to focus on product features and getting a device to market as quickly as possible. In too many cases security features are considered towards the end of the design process when making a product more secure can mean reducing or eliminating features, or even delaying a product release — outcomes that adversely affect sales. It’s a situation that can end without any winners, with devices released that are inherently insecure. Simply put, security needs to be a primary design consideration, as fundamental as any other measure of performance. There should be a focus on tight mechanisms for strong authentication and the minimization of the potential attack surface. It’s a fundamental design philosophy that responsible companies have, but it’s not a reflex for all companies – yet.”