If you’re like most people between the ages of 30-50, the Nokia brand probably gives you fond memories of seemingly indestructible pre-iPhone cell phones, which could last for a week on one battery charge. But even though Nokia lost significant phone market share as the iOS and Android wars became a thing, the Finnish corporation is still active in conducting useful cybersecurity research. Here’s how the company recently described itself, “We create the technology to connect the world. Powered by the research and innovation of Nokia Bell Labs, we serve communications service providers, governments, large enterprises, and consumers with the industry’s most complete, end-to-end portfolio of products, services and licensing. We adhere to the highest ethical business standards as we create technology with social purpose, quality and integrity. Nokia is enabling the infrastructure for 5G and the Internet of Things to transform the human experience.”
The Internet of Things is an increasing concern
Nokia understands the Internet of Things (IoT) is a dangerous new frontier for cyber attacks. IoT is all about putting internet connectivity into “things” and making them smart, like your Fitbit, smartwatch, kitchen appliances, children’s toys, home entertainment centers, on-board automotive systems, medical equipment, industrial infrastructure, you name it. If something that isn’t a traditional computer like a PC, server, video game console, or smartphone has internet access, it is an IoT device. And the proliferation of these devices has exploded in recent years. But when IoT can soon control the movements of a car, the operation of a medical device, or the functioning of industrial equipment, IoT cyber attacks will become lethal weapons to be used against human lives.
IoT is exploited for destructive botnets
IoT devices can also be exploited for botnets, which are formed when cyber attackers put bot malware several different computers, and then hackers can control all those devices against the will of their owners to conduct large-scale attacks. The Mirai botnet targeted DNS servers back in 2016, which tell your web browser which IP addresses are connected to which domain names—in other words, they resolve “184.108.40.206” to “google.com.” Because it’s very tedious and frustrating to type in IP addresses every time you want to visit a website or send an email, when DNS servers go down they take people’s ability to use the internet down with them.
The servers that cyber attackers use to control their botnets and malware are referred to as command and control servers. One common way that cyber attackers use botnets is to conduct distributed denial-of-service attacks. That’s when a whole bunch of computers work in unison to send an overwhelming amount of data to an internet server or access point in order to put it “out of service.” The server or access point typically remains offline until an administrator does the work to put it back online.
Regarding the Mirai botnet, Brian Krebs reported in 2016: “On Tuesday evening, KrebsOnSecurity.com was the target of an extremely large and unusual distributed denial-of-service (DDoS) attack designed to knock the site offline. The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges. But according to Akamai, it was nearly double the size of the largest attack they’d seen previously and was among the biggest assaults the internet has ever witnessed.”
Krebs explains more, “The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 gbps in size, but in any case, this is more traffic than is typically needed to knock most sites offline.”
Nokia’s 2019 Threat Intelligence Report sees Mirai as a harbinger of IoT botnets to come: “The peak at the end of 2016 is the original Mirai botnet. The activity in 2017 and 2018 is due to IoT botnet varieties that have either evolved directly from the original Mirai code or have been developed independently using the same basic architecture. The peaks are associated with the scanning, exploitation and command and control (C2) activity that occurs during the botnet building phase.”
The company went on to say, “IoT botnet activity was responsible for 78% of the malware detection events we have seen in carrier networks in 2018, with Mirai variants alone being responsible for 35%. Most of this is attributable to network scanning activity looking for vulnerable devices, attempting to exploit them and adding them to the botnet.”
So yeah, that thermostat you can control from your phone app when you’re not at home could be used by cyber attackers to bring harm. The same goes for your Amazon Echo system, or your baby monitors you use to check on your sleeping child or to spy on the babysitter. Cyber attackers want to exploit your fancy new toys, and that’s why it’s so important to improve their cybersecurity. According to Nokia, IoT botnet malware make up 16% of the infected devices they’ve observed, up from 3.5% a year ago!
IoT is also being exploited for cryptomining
IoT malware is also being used to exploit your IoT devices to create Bitcoin and other cryptocurrencies for cyber attackers. Nokia reports, “A number of coin-miners are now targeting IoT devices. An example of this is the ADB.Miner bot that exploits Android-based IoT devices with an open Android Debug Bridge (ADB) port. ADB is used by developers to debug Android applications and is not normally left open on production devices. However, apparently some Android-based smart TVs, set-top boxes, tablets and other Android-based IoT devices have been deployed accidentally with this debug port open. This effectively gives the attacker shell access over the network. The coin mining software is loaded via a shell script and the device becomes part of ADB.Miner botnet. In not only starts to mine coins 24/7, but like other Mirai based bots, it also scans the local network and the internet looking for other victims.”
Smartphones are less attractive to cyber attackers
But there is some good news. Mobile malware detected by Nokia peaked in June 2016 at a rate of 0.46%, but mobile malware infection rates have dropped in 2018, with a monthly average of 0.31%. Nokia believes that’s partly due to mobile app stores like Apple’s App Store and the Google Play Store becoming more security-conscious, and partly due to cyber attackers shifting their focus to IoT.