Security By Design Becoming Crucial as Attacks on IoT and Mobile Devices Escalate

The latest Nokia Threat Intelligence Report found that Internet of Things (IoT) devices accounted for 32.72% of all infected devices in 2020. This was a rise of 16.17% compared to the year before, based on network traffic data collected from more than 150 million devices globally where Nokia's NetGuard Endpoint Security product was deployed.

In the same report's breakdown of infected devices last year, Android devices accounted for 26.54%, iPhones for 1.72% and Windows/PCs for 38.92%. In a statement given to CSA, Boris Cipot, Senior Security Engineer at Synopsys Software Integrity Group, said the report is a reminder for security professionals that mobile platforms cannot be disregarded as a risk.

Instead, cybersecurity measures should be deployed for mobile and IoT devices, as increasing numbers of people are opting to use such devices as a substitute for laptops and desktops. “Use cases have shifted from traditional desktop/laptop to mobile devices and as such, it is normal that cyber threats have followed this trend. Nevertheless, that is not to say that individuals should disregard standard PC threats. While mobile threats are rising, this does not imply that PC threats are decreasing. On the contrary, these threats are growing in number too”, added Boris.

These cyber threats include some of the most prolific malware of last year. According to the report, 74% were Trojans and the remainder were viruses, worms, backdoors and other malware. As for Android devices, the breakdown of malware includes spyware, adware, general Trojans, banking Trojans, info-stealers and downloaders, all with the purpose of compromising a user’s device and data.

The report suggests that cybercriminals have been taking advantage of the panic caused by the global pandemic, using the situation to commit fraud or spread malware. For instance, some have resorted to tricking users into installing or downloading items related to COVID-19 reports which were embedded with malware.

One, in particular, was disguised as a “Coronavirus Map” application – mimicking the legitimate and authoritative Coronavirus Map issued by Johns Hopkins University – to take advantage of the public’s demand for accurate information about COVID-19 infections, deaths and transmissions.

As industries venture into digital transformation, we can expect more mobile device users, more IoT devices in use and 5G networks to be deployed. With that, we can also expect new threats to emerge.

In addition to the report, the increase in the adoption of IoT devices, from smart home security monitoring systems to drones and medical devices, is expected to continue as consumers and enterprises move to take advantage of the high bandwidth, ultra-low latency and fundamentally new networking capabilities that 5G mobile networks enable.

For Boris, one has to be prepared for these changes in technologies and take appropriate action to build resilience. “The world of IoT is evidence that we are still a long way from achieving this. Breached baby monitors, video cameras, cryptocurrency mining - all of these are recent incidents we have faced and continue to face. Whether it is the Android platform or the RTOS of an IoT device that is under attack, the root of the matter typically comes down to vulnerabilities in the software”, explained Boris.

Given such a situation, Boris suggests that industries should adopt a “security by design” principle as the foundation of every software development process. Boris concluded, “The use of tools such as Static Application Security Testing (SAST), Security Control Assessor (SCA) or Interactive Application Security Testing (IAST) is mandatory to keep the whole ecosystem safe. The reason being that even the smallest security hole delivered by the smallest application in a mobile phone or PC could be responsible for a whole device becoming exploitable”.
