Cybersecurity Landscape for Consumer Connected Devices Increasingly Perilous – CUJO AI

By Kimmo Kasslin, Vice President, Research Laboratories, CUJO AI

As we examine the tens of millions of threats targeting consumer devices, our security researchers see three distinct trends in today’s home cybersecurity landscape.

  • The spread of adware is growing, and we have seen extremely large spikes in activity over the past year. Most adware operates like a business – when an owner of an adware network receives an order, devices infected with potentially unwanted programs start getting ad pop-ups. Major spikes in adware activity (up to 400%) usually happen on weekends, when people spend more time online. It may also be the case that ads shown at those times are more effective.

  • The number of end-of-life, unsupported or outdated devices is increasing, creating more risk to home networks. IoT device lifetimes often exceed vendor support times, and unprotected devices which have poor configurations (or known unpatched vulnerabilities) are very likely to be hacked. It’s a numbers game: both residential and enterprise networks are being scanned for IoT devices by automated scripts and then attacked, which means that a vulnerable device is a sitting duck for automated malicious activities.

  • Phishing remains a major cybersecurity issue. Every month, end-users in around 56% of homes attempt to open at least a single phishing link. This is extremely worrying due to the major negative impact that a successful phishing attack can have on private data, finances, as well as business and infrastructure security.

While these trends target different attack surfaces (types of devices, vulnerabilities, and behaviors), they are not isolated. For instance, the growth of vulnerable IoT devices feeds into the prevalence of botnets and DDoS attacks. As the cybersecurity landscape continues to evolve, we clearly see the need and value of our comprehensive, multi-layered security solution to protect tens of millions of households.

Just seven device types are targeted by over 90% of all threats. While desktops, laptop computers, and smartphones make up close to 60% of all devices, they are targeted by a significantly lower percentage (45.85%) of threats. IP cameras, which make up just 1.2% of all devices, are targeted by over 24% of malicious activities on consumer networks.

Attended Devices

Attended devices (computers, smartphones) are most often attacked when a device visits a malicious URL, while unattended devices are predominantly attacked from outside the network without the user being aware of the attack.

Even though these devices can run endpoint protection solutions (e.g., antimalware software), our survey has also shown that only 35-37.5% of consumers in the US, France, and Italy, as well as 54% of consumers in Germany, self-reported using security software in 2021. This means that a massive number of attended consumer devices are unprotected.

Network Attached Storage Devices

The device type threat index shows that several key categories attract an outstanding number of threats. Network-attached storage (NAS), DVR, IP cameras, baby monitors, and audio-video devices are the 5 most targeted device types, when we consider the average number of threats to each device type.

Popular devices, such as smartphones, smart watches, tablets, or computers, face orders-of-magnitude fewer threats than NAS devices or DVRs, on average. In fact, our data shows that NAS devices are targeted by malicious activities most often.

There are several reasons why NAS devices are targeted so often. They are the perfect targets for ransomware due to the valuable data they hold. NAS devices are also often configured in ways that make them more susceptible to attacks: they need to have ports opened for the owner to access data when away from home. With ports 8080 and 443 open, NAS devices are easily noticed by attackers. Users usually have to approve firmware upgrades, which adds significant delays to the patching process.

Digital video recorders (DVR) are used to record digital video from IP cameras and other sources to disk drives, USB flash drives, SD memory cards or mass storage devices. Some DVR vendors sell poorly configured devices with open ports that allow access from outside the home network. Also, many DVR vendors autoconfigure the home router via UPnP to open its ports to the Internet. Here, the data shows that a handful of vendors are targeted by the vast majority of threats.  

While a compromised DVR may not seem as dangerous as a compromised laptop or NAS device, it can be used as a stepping stone to compromise the home network laterally or as a proxy for external attacks.  

IP Cameras

IP cameras are famous for having poor security. They are being hacked not only to spy on people, but also to participate in coordinated DDoS attacks. Infected IP cameras also often become part of botnets. Many IP cameras have poor configurations, such as publicly known hard-coded administrator credentials, which make them easy targets for brute-force attacks. Since, like NAS devices, IP cameras are accessed remotely by their users, they are often exposed to the Internet. Like DVRs, many IP cameras autoconfigure the home router via UPnP to open ports to the Internet.

There are some distinctions we can draw between unattended (mostly IoT) devices and attended devices (smartphones and computers): the latter face growing phishing threats, while background devices can be targeted en masse by botnet malware.

While attended device security depends on the user’s behavior, unattended device security depends on vendors and device configurations, as well as the time users spend fine-tuning the security of their devices. In any case, such devices are constantly bombarded by automated scanners and exploitation services.

Conclusion

There is a growing need for security regulation in the connected device space, but it should be noted that no regulation can bridge the gap between when a vulnerability is discovered and when an update is installed. In some cases, we do not expect end-users to update their devices due to technical difficulties, poor notification practices, buggy patches or lack of time and priority.

As evidenced by our data, an average household is threatened every other day. While the number of connected devices continues to grow, we expect IoT security to become an even greater issue. While more consumers should install and use security software on attended devices, they also increasingly need protection for other connected devices on their networks.

EDITOR’S NOTE — For the full report visit: https://cujo.com/resources/device-security-report-2023/