IoT Security: Key Findings from Nokia's 2023 Threat Intelligence Report

Despite the fact that legislation is being introduced to improve cybersecurity in modern IoT devices, legacy products that remain in active use are contributing to numerous cyberattacks, with the number of IoT-based attacks increasing by five times. 

The Nokia Threat Intelligence Report 2023, a comprehensive study on the trends of 4G and 5G security attacks, malware attacks, and other forms of cyberattacks, has shed light on the escalating threat landscape in the realm of IoT. The report, compiled by experts from various Nokia security centres and including data from a survey of 50 CSPs, underscores the urgency of robust 5G network security measures.

What challenges do older devices present to global cybersecurity, what did a recent report show regarding IoT cybersecurity, and what does this mean for the future of IoT devices?

What challenges do older devices present to global cybersecurity?

It is estimated that there are more than 20 billion IoT devices in active use around the world, and that doesn’t even include smartphones, computers, and servers. With so many connected devices around the world, it is amazing to see how modern internet infrastructure has been designed to support this growing ecosystem.

As Bruce Schneier, a renowned cryptologist and computer security expert, points out, "Everything is now a computer." Our phones, refrigerators, ATM machines, and cars have essentially become computers that perform functions in the physical world. This is the essence of the Internet of Things (IoT), and it's what's contributing to the rise in cyberattacks. IoT devices are not just objects with a bit of silicon and electronics baked in. They are devices sometimes running fully functional operating systems and enjoying broadband internet connections. This means that they are smart, but they are also hackable[1] 

But, as the number of internet-enabled devices grows, so do the opportunities for cybercriminals who will do anything they can to take control of devices for their own purposes, whether it is for data theft or launching denial of service attacks. In fact, one of the prime concerns regarding IoT devices over the pasts few years has been with regard to security, as millions of IoT devices working together can inflict serious damage to web services. 

While newer IoT devices are being deployed with improved security capabilities (such as secure boot, true random passwords, and encrypted communications), older devices are often riddled with security flaws that are not only easily exploited but often public knowledge. At the same time, many of these older devices are generally left unsupported by their respective manufacturers, meaning that updates are rarely provided when security flaws are found.

Schneier offers a perspective that "complexity is the worst enemy of security," especially true for computers and the internet. Attackers find ways to use software and operating systems maliciously in ways never imagined by their developers. This is partly due to security flaws found in the source code or the simple fact that the basic functionalities embedded in those software can be combined in countless ways[1] 

These security flaws, combined with the hundreds of millions of older IoT devices still in active deployment, result in a potentially dangerous ecosystem. A security flaw in a single device is likely to be reproducible across all similar devices, thus giving an attacker access to millions of devices around the world. From there, DDoS attacks can be launched, disrupting services such as search engines, video streaming services, infrastructure, and even industrial systems.

The interconnectedness of IoT devices introduces new vulnerabilities. As Schneier explains, "The more we connect things to each other, the more vulnerabilities in one thing affect other things." In many cases, a flaw in one system might not be critical per se, but when that system or component is combined or connected to another one, the same vulnerability might open up new ways to cause harm[1] 

According to the Nokia Threat Intelligence Report 2023, the sophistication of cybercriminal activity today is unprecedented. The report highlights the need for service providers, vendors, and regulators to develop more robust 5G network security measures, including implementing telco-centric threat detection and response and implementing robust security practices and awareness at all company levels. 

It is for these reasons that older IoT devices whose support has stopped must be removed from active use. If this is not possible (such as systems being used in critical infrastructure), then engineers need to deploy protection mechanisms inside of local networks to limit what insecure IoT devices can do and who is allowed remote access to them. This could include stronger firewalls, port forwarding, or traffic monitoring that can identify suspicious connections and block unusual requests.

As Hamdy Farid, SVP of Cloud & Network Services at Nokia, points out, 'The key findings in this report underline both the scale and sophistication of cybercriminal activity today. To mitigate the risks, it’s essential that service providers, vendors, and regulators work together to develop more robust 5G network security measures.' 

A new report shows a large increase in IoT-based attacks

A new report published in the Nokia Threat Intelligence Report 2023 has revealed that the number of IoT devices involved in DDoS attacks has increased five-fold over the past year, with the total number of devices increasing from 200,000 to 1 million.

The report also provides a detailed breakdown of the types of attacks being launched. For instance, it reveals that 60% of the attacks were aimed at disrupting services, 30% were aimed at data theft, and 10% were ransomware attacks. This data underscores the diverse nature of the threats posed by insecure IoT devices. 

In one instance, the report highlights a case where an insecure IoT device was exploited to launch a DDoS attack, disrupting services for thousands of users. This case underscores the potential for even a single device to cause widespread disruption. 

This data was compiled by experts at the Threat Intelligence Center in Canada, the Nokia Cyber Security Center in France; the Nokia Security Operations Center in India; and Nokia Deepfield, a part of Nokia focusing on software applications covering network analytics and DDoS security. It includes facts from the latest Nokia/GlobalData survey, which included respondents from 50 CSPs, crucial for planning security in the 5G era. 

In the report, the increase in attacks is attributed to multiple factors, including the Russian invasion of Ukraine (whereby state actors have been attempting to destabilise network resources in the West) and the growing number of insecure IoT devices providing criminals with an easy target. At the same time, cybercriminals are seeing increased revenue from hostage-type attacks, including ransomware and targeted DDoS. 

It was also revealed how IoT devices are now responsible for 40% of all DDoS traffic, highlighting the dangers and capabilities presented by IoT devices, and that the number of trojans targeting personal banking information doubled to 9%. But, it was also noted that the number of personal attacks against home networks has declined by 50% (3% to 1.5%), indicating that home networks are presenting less of a valuable target to criminals.

What does this mean for the future of IoT devices?

Despite their simplistic nature, IoT devices clearly present a major cybersecurity threat to the world. The very act of having an internet connection enables for all kinds of attacks to be launched, regardless of the hardware that a device may be operating (even a Z80-based computer with an ESP8266 can be used to launch attacks). 

It is for this reason that engineers must use all security measures possible in all IoT devices regardless of the function of that device or its complexity. Strong encryption must be used for all communication to prevent eavesdroppers from obtaining sensitive data, unused ports must be closed to prevent unauthorised remote access, software must always be up to date, and security updates must be provided over the entire life cycle of a device. 

Thankfully, the combination of improved technologies and powerful software development environments provides engineers with all the tools they need for designing secure devices. However, the millions of ageing devices still in active use will always present a major threat to modern internet-based infrastructure. If consumers refuse to upgrade their devices, the only real option for engineers is to make those devices and all supporting materials open-source so that others in the engineering community can continue to provide updates, helping to make the world a safer place.

The implications of these findings are far-reaching. For one, they highlight the urgent need for manufacturers to prioritize security in the design and production of IoT devices. They also underscore the importance of regular software updates to protect against known security flaws. Furthermore, they call attention to the need for consumers to be more vigilant about the security of their IoT devices, including regularly updating their devices and replacing older, unsupported devices. 

In conclusion, the escalating threat of IoT cyberattacks underscores the need for robust security measures. As the Nokia Threat Intelligence Report 2023 highlights, it is crucial for service providers, vendors, and regulators to work together to mitigate these risks and protect our increasingly connected world. 

Reference Section:

1. IoT Security Foundation. (2023). What Bruce Schneier teaches us about IoT and cybersecurity. Retrieved from https://iotsecurityfoundation.org/what-bruce-schneier-teaches-us-about-iot-and-cybersecurity/
2. Nokia. (2023). Threat Intelligence Report 2023. Retrieved from https://www.nokia.com/networks/security-portfolio/threat-intelligence-report/