Internet of Things (IoT) devices are now responsible for 32.72% of all infections observed in mobile networks, up from 16.17% in 2019, according to a new Nokia Threat Intelligence Report 2020. This trend lines up with the growing number of IoT devices that are now connected to mobile networks, says Nokia's Threat Intelligence Lab. 

With the widespread proliferation of IoT devices, it is to be expected that the number of IoT infections will grow dramatically. 


"As Figure 3 demonstrates, in 2020 this led to the increase of the share that IoT infections have in the overall device breakdown. The rate of success in infecting IoT devices depends dramatically with the visibility of the devices to the internet. In networks where devices are routinely assigned public facing internet IP addresses, we find a high IoT infection rate. In networks where carrier grade NAT is used, the infection rate is considerably reduced, because the vulnerable devices are not visible to network scanning," says the report. 

According to Nokia, with the introduction of 5G well underway, it is expected that not only the number of IoT devices will increase dramatically, but also the share of IoT devices accessible directly from the internet will increase as well. A separate section of the report analyzes the security challenges in the 5G environment and highlights the important role that Threat Intelligence can play in addressing security issues in multiple systems of the 5G architecture. 

Key findings from the report include:

  • Covid-19 caused a surge in mobile malware infections. In 2020, the average monthly infection rate in mobile networks was 0.23%. In February and March, however, the monthly mobile infection rate increased by almost 30% over the previous months, largely due to the significant escalation of cyber security incidents related to the Covid-19 pandemic.
  • The impact of Covid-19 was felt later in fixed broadband. For fixed broadband networks, the average monthly infection rate per residence was 2.16%. While this is down overall compared to 2019, there was a sharp increase in infection rates in May and June due to the Covid-19 pandemic — but this spike happened two months after the one observed in mobile networks.
  • Android devices are the most common malware targets. Android devices are responsible for 26.64% of infections across all platforms, but this is down from 47.15% in 2019. While this change is due in part to improved security in Android device, it is mostly the result of the increase in IoTrelated infections.
  • PCs lead the way in infections. Windows/PCs are responsible for 38.92% of all infections, up slightly from 35.82% in 2019.
  • Info-stealers and spyware are on the rise. There is a strong trend toward info-stealers and mobile spyware, which make up 35.76% of all Android infections.
  • Trojans are now the malware of choice. The share of malware detected as Trojans jumped to 74% from just 34% in 2019, largely because the exceptional circumstance of this year have made phishing campaigns the best way to delivery malware directly to users. The relative share of worms and viruses has decreased in 2020.

Dirk Schrader, Global Vice President at New Net Technologies (NNT), says, “It’s no surprise that IoT devices are the crown jewels for cybercriminals. Businesses around the world are transforming their processes, their production lines using digitalized assets. Having control over these assets means that a cybercriminal’s hand is – literally – at the main switch of a digitally transformed company. The danger of being shut down almost completely is the reason why companies are more likely to pay even higher ransoms."

Schrader notes, "The situation has certainly worsened during the pandemic, as the IT operations and information security teams had to organize, setup, and secure a remote workforce more or less in no time. Plans for digital transformation need to be altered to reflect this ‘new normal’, and such the problem is likely to worsen.”

Brandon Hoffman, Chief Information Security Officer at Netenrich, explains, “Some theories on why IoT infections have become so valuable to cybercriminals is that they are unmonitored devices. Cybercriminals need infrastructure to perpetrate their attacks. As devices at home and other “things” become smarter, and have computing capacity they don’t need, cybercriminals can snap that computing power up and use it to perform attacks, transfer data anonymously, and store it in places people aren’t looking. The pandemic has certainly increased the attack surface of IoT devices because people are not spending money on vacations and therefore are buying more “things” for their homes.”