Also major IoT device security vulnerabilities are peaking
Nokia has issued its latest Threat Intelligence Report, revealing a new all-time high in mobile device malware infections, a sharp increase in compromised smartphones and major Internet of Things (IoT) device security vulnerabilities.
The latest report revealed a steady increase in mobile device infections throughout 2016, with malware striking 1.35% of all mobile devices in October, the highest level seen since reporting started in 2012.
The report also revealed a surge of nearly 400% in smartphone malware attacks in 2016. Smartphones were the most targeted devices in the second half of the year, accounting for 85% of all mobile device infections.
The overall infection rate for mobile devices increased 63% in the second half of 2016, compared to the first half of the year. Android-based devices continue to be the primary target for malware attacks (81%). However, iOS and other mobile devices were also targeted in the second half of the year (4%), primarily by Spyphone surveillance software that tracks users’ calls, text messages, social media applications, web searches, GPS locations and other activities.
Meanwhile, Windows/PC systems accounted for 15% of malware infections in the second half of 2016, down from 22% in the first half of the year.
The Threat Intelligence Report also exposed major vulnerabilities in the rapidly expanding universe of IoT devices, underscoring the need for the industry to re-evaluate its IoT deployment strategies to ensure these devices are securely configured, managed and monitored.
Kevin McNamee, head of the Nokia Threat Intelligence Lab, said: “The security of IoT devices has become a major concern. The Mirai botnet attacks last year demonstrated how thousands of unsecured IoT devices could easily be hijacked to launch crippling DDoS attacks. As the number and types of IoT devices continue to proliferate, the risks will only increase. Nokia’s network-based security can help address this growing threat by detecting activity before a DDoS attack occurs, enabling service providers to take corrective actions that mitigate the impact.”
In late 2016, the Mirai botnet assembled an army of compromised IoT devices to launch three of the largest DDoS attacks in history, including an assault that took down many high-profile web services. These attacks underscored the urgent requirement for more robust security capabilities to protect IoT devices from future attacks and exploitation.