IoT botnet activity represented 78 percent of malware detection events in communication service provider networks in 2018, according to Nokia’s Threat Intelligence Report 2019. This is more than double the rate in 2016 when botnets were first seen in significant numbers — IoT botnets accounted for 33 percent that year. And these types of attacks will likely become even worse in 2019.
“We’re not over the hump of the problem yet,” said Kevin McNamee, director of Nokia’s Threat Intelligence Lab and lead author of the report. “We’re going to see these IoT botnets get larger and start to do more significant damage. They are branching out and becoming more sophisticated, and the techniques they are using to spread malware are becoming more sophisticated.”
The report also found that IoT bots now make up 16 percent of infected devices in cloud service provider networks, up from just 3.5 percent a year ago. IoT devices are typically unprotected by normal security measures such as firewalls and anti-virus software that are commonly available to traditional computing devices. This makes these devices very easy targets.
“If you have an IoT device and it has any vulnerability and it’s visible from the Internet, it will be attacked in a number of minutes,” he said. “Sixteen percent of infected devices is quite significant when you consider the device populations. There’s a lot of mobile phones and Windows laptops and PCs out there. As IoT devices get more common, that 16 percent is only going to grow.”
Nokia’s annual report is based on data aggregated from monitoring network traffic this year on more than 150 million devices globally where Nokia’s NetGuard Endpoint Security product is deployed.
It comes less than a week after a USTelecom-led group published its first International Anti-Botnet Guide. Some member companies and contributors to that report include Intel, Ericsson, Samsung, Oracle, Cisco, IBM, AT&T, CenturyLink, NTT, and Verizon.
Mobile, Fixed Network Attacks Decreased
Interestingly, the Nokia report found fewer attacks on mobile and fixed networks in 2018 compared to previous years. Mobile device malware, for example, peaked in 2016 before steadily declining over the last two years. In 2018 the average percentage of devices infected each month was 0.31 percent. This is averaged from mobile deployments in Europe, North America, Asia Pacific and the Middle East.
One reason for the decrease is that cybercriminals are now focusing more on IoT devices than on smartphones.
5G Will Likely Make It Worse
Industry analysts widely expect IoT device adoption to accelerate with 5G. The high bandwidth, large-scale, and low-latency capabilities of 5G facilitate connecting billions of things to the internet, including smart home security monitoring systems, vehicles, drones, and medical devices.
“5G is designed to basically open up the mobile network to all sorts of devices,” McNamee said.
But the lagging security protection of many current IoT devices, together with increasing technical sophistication, gives attackers broader scope for successfully launching IoT device attacks.
“It’s not just the devices themselves that are an issue, it’s the whole architecture that supports the IoT device,” McNamee said. He used a video camera connected to a cell phone via a web service as an example. “That’s a big attack surface, and I think we will see people not hacking into the device but hacking into that web service.”
Take a video-surveillance company: “if you can hack into their service, then you can potentially hack into all of the cameras under their control,” he added. “If you look for major breaches, that’s the type of thing you’re going to see.”
IoT Security Best Practices
However, it’s not all doom and gloom. McNamee says service providers and device manufacturers are heading in the right direction in terms of boosting IoT security. And the Nokia report addresses security solutions and best practices.
“First of all, devices have to be securely managed,” McNamee said. This involves software, firmware, and patching. “Service providers and enterprises deploying IoT at any scale should make sure they are doing it by a managed mechanism so those devices can be managed, patched, and make sure any security flaw is addressed.”
Carriers should monitor their network traffic to ensure devices are behaving normally.
Additionally, IoT devices must have secure communication in terms of authentication, integrity, and confidentiality. If a device is compromised, it needs to be isolated from the rest of the network.
“Carriers in particular and enterprises have to be able to identify any IoT devices in their network that are misbehaving and that have been compromised,” McNamee said, adding that automated, rapid response capabilities are best.