Malicious IoT botnet traffic targeting telecoms networks increases 5x over 2022: Nokia
Internet of Things (IoT) botnet Distributed Denial of Service (DDoS) traffic originating from insecure IoT devices has grown five-fold in 2023 over the past year, with the aim of disrupting telecom network services for “millions of users”, Finnish telecom gear maker Nokia’s Threat Intelligence Service has found.
It said in a statement Wednesday that IoT botnet DDoS traffic has increased following Russia’s invasion of Ukraine, and that the growth also stems from the rise in profit-driven hacking collectives operated by cybercriminals.
The number of IoT devices (bots) engaged in botnet-driven DDoS attacks rose from around 200,000 a year ago to approximately 1 million devices, generating more than 40% of all DDoS traffic today, according to the report.
Nokia’s Threat Intelligence Service said that the sharp increase, which is also driven by the increased use of IoT devices by consumers around the world, was initially noticed at the beginning of the Russia-Ukraine conflict, but has since spread to other regions of the globe, with botnet-driven DDoS attacks being used to disrupt telecom networks as well as other critical infrastructure and services.
According to the report, the most common malware in telecoms networks was found to be bot malware that scans for vulnerable devices, a tactic it said is “associated with a variety of IoT botnets”.
In fact, it warned, there are “billions of devices” ranging from smart refrigerators to smartwatches, which have lax security protections.
The report, however, observed that malware infections in home networks declined from a Covid-high of 3% to 1.5%, close to the pre-pandemic level of 1%, as malware campaigns targeting the wave of at-home workers tapered off, and more people returned to office work environments.
“A single botnet DDoS attack can involve hundreds of thousands of IoT devices, representing a significant threat to networks globally,” said Hamdy Farid, Senior Vice President, Business Applications at Nokia.
Farid suggested that to mitigate the risks, it is essential for telecom companies, vendors, and regulators to work jointly and develop more robust 5G network security measures, including implementing telco-centric threat detection and response, as well as robust security practices and awareness at all levels.
Nokia Threat Intelligence’s findings are based on data aggregated from monitoring network traffic on more than 200 million devices globally where the Nokia NetGuard Endpoint Security product is deployed, according to the statement.