IoT Device Takeovers Surge 100 Percent in 2020

IoT infections

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, have led to a swelling in IoT infections observed on wireless networks.

Connected cameras, refrigerators and other seemingly-mundane internet-of-things (IoT) devices are a cybercriminal favorite this year, with new research showing a sharp increase (100 percent) in IoT infections observed on wireless networks.

IoT devices are now responsible for 32.72 percent of all infections observed in mobile and Wi-Fi networks – up from 16.17 percent in 2019. And researchers with Nokia’s Threat Intelligence Lab said, in the Threat Intelligence Report 2020 released this week, that they believe that number of IoT infections will continue to grow “dramatically” as connected devices continue to populate in homes and enterprise settings alike.

“It’s not a surprise that IoT devices are the crown jewels for cybercriminals,” Dirk Schrader, global vice president at New Net Technologies, told Threatpost. “Businesses around the world are transforming their processes, their production lines using digitalized assets. Having control over these assets means that a cybercriminal’s hand is – literally – at the main switch of a digitally transformed company. ”

IoT devices are even a target for ransomware, he added: “The danger of being shut down almost completely is the reason why companies are more likely to pay even higher ransoms.”

Researchers pointed to the visibility of devices connected to the internet as a barometer for IoT infection rates, with high IoT infection rates occurring when devices are connected to publicly facing internet IP addresses. In networks where carrier grade network address translation (NAT) is enabled on a firewall or router, the infection rate is reduced, as the connected devices are not visible to network scanning, they said. While standard NAT translates a private IPv4 address to public IPv4 address, carrier-grade adds an additional translation layer as an extra security measure.

There are more and more devices for cybercriminals to scan: Brandon Hoffman, CISO at Netenrich, pointed out that due to the pandemic, people are also not spending money on vacations and therefore buying more connected “things” for their homes.

“As devices at home and other ‘things’ become smarter, and have computing capacity they don’t need, cybercriminals can snap that computing power up and use it to perform attacks, transfer data anonymously, and store it in places people aren’t looking,” Hoffman told Threatpost.

Overall, in 2020, Android devices were the most commonly targeted by malware, researchers found, making up 26.64 percent of all infections. Meanwhile, Windows devices and PCs, which are increasingly connected to mobile networks via USB dongles and Wi-Fi, made up 38.92 percent.

Researchers said that the coronavirus pandemic caused a surge (a 30 percent increase over 2019, specifically) in mobile-malware infections, saying the volume and type of attacks have also seen “profound” changes.

“The situation is certainly worsened during the pandemic, as the IT operations and information security teams had to organize, setup and secure a remote workforce more or less in no time,” Schrader said. “Plans for digital transformation need to be altered to reflect this ‘new normal,’ and such the problem is likely to worsen.”

IoT devices have long been under scrutiny for their lack of security measures, with researchers finding in March that more than half of all IoT devices are vulnerable to medium- or high-severity attacks, for instance.

In September,  researchers found a Bluetooth Low Energy (BLE) vulnerability that impacted billions of IoT devices and remained unpatched in Android devices. And in August, researchers urged connected-device manufacturers to ensure they applied patches addressing a flaw in a module used by millions of IoT devices.

Meanwhile, the growth in IoT is far from over: The introduction of 5G is also expected to continue to increase not just the number of IoT devices, but the share of connected devices accessible directly from the internet.


Suggested articles