A new report from Finland’s Nokia has revealed that mobile device malware infections reached record highs last year.
The once-mighty handset maker’s Threat Intelligence Report also noted a sharp increase in major Internet of Things (IoT) vulnerabilities in 2016, warning that connected device manufacturers must improve the security of their products to prevent future exploitation on the scale of last year’s Mirai botnet attacks.
In all, the report found that mobile device malware infections increased by 63% in the second half of 2016 compared to the first six months of the year. Infected devices reached 1.35% of all activated units in October, the highest level on record since the study began in 2012.
Smartphones were unsurprisingly the top target for malware distributors, accounting for 85% of all mobile device infections in the second half of the year.
The report examines how the cyber hackers behind the Mirai botnet were able to compromise an army of IoT devices that were used in huge attacks such as the DDoS takedown of internet backbone provider Dyn in October last year.
In conclusion, the report’s authors argue that IoT device manufacturers must come up with new ways to protect their products as part of efforts to stop cyber criminals creating similar botnets to Mirai in the future. They advise that connected devices “must be securely configured, securely managed and monitored”.
In a statement, Kevin McNamee, head of the Nokia Threat Intelligence Lab, said: “The security of IoT devices has become a major concern. The Mirai botnet attacks last year demonstrated how thousands of unsecured IoT devices could easily be hijacked to launch crippling DDoS attacks. As the number and types of IoT devices continue to proliferate, the risks will only increase.”
The makers of connected devices have attracted high levels of criticism for failing to add adequate security to their products, which are often rushed to market with little thought given to their vulnerability to attack.
In research published to coincide with Mobile World Congress 2017 in Barcelona at the end of February, Czech security software firm Avast revealed there were 5.3 million infected IoT devices in Spain alone – including smart kettles, coffee machines, garage doors, fridges, thermostats and other IP-connected products.
Commenting on the firm’s findings, Avast CEO Vince Steckler said: “With databases of commonly known device vulnerabilities publicly available, it doesn’t take a vast amount of effort and knowledge for cyber criminals to connect the dots and find out which devices are vulnerable.
“And even if the devices are password protected, hackers often gain access by trying out the most common usernames and passwords until they crack it.”