Most IoT devices are being compromised by exploiting rudimentary vulnerabilities

Cybercriminals are looking for ways to use trusted devices to gain control of Internet of Things (IoT) devices via password cracking and exploiting other vulnerabilities, such as through the exploitation via voice assistants, according to the latest Mobile Threat Report unveiled by McAfee.

With over 25 million voice assistants in use across the world, these devices are often connected to other things in the home controlling lights, thermostats, door locks and more. More devices mean greater connectivity and convenience for their owners, but connectivity also means more opportunities for malicious deeds.

“Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings,” said Raj Samani, McAfee fellow and chief scientist at McAfee. “From building botnets, to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals.”

“The rapid growth and broad access to connected IoT devices push us to deliver innovations with our partners that go beyond traditional AV, and we are creating solutions that address real world digital security challenges,” said Gary Davis, chief consumer security evangelist at McAfee. “From securing the gaming experience to safeguarding the connected home to protecting against cryptojacking, we are enabling our customers to protect what matters most to them.”

McAfee’s Mobile Threat Report 2019

McAfee’s Mobile Threat Report 2019 reveals that while 2018 was the year of mobile malware, 2019 is shaping up to be the year of everywhere malware. Cybercriminals are looking for ways to maximize their income, and shift tactics in response to changes in the market. As the value of cryptocurrencies drops, they shift away from cryptomining.

App stores are getting better at finding and deleting malicious apps, so cybercriminals bypass the stores and go directly to consumers. As the mobile platform remains a key target for ransomware developers, identity thieves and nation states, it is imperative to maintain diligence when considering which apps to install or following any link.

The McAfee Mobile Threat Report 2019 highlights the following mobile trends:

• Increase in popularity of fake apps – Fake apps are and will be one of the most effective methods to trick users into installing suspicious and malicious applications on Android devices. With more than 200 million players globally, Fortnite has taken the world by storm and over 60 million people have downloaded the app, leading to several fake apps pretending to be various versions of the game.
• Letting them inside with mobile backdoors – With smartphones connected to and controlling multiple items in people’s homes, cybercriminals are looking for new ways to trick users into letting them inside. While not new, in 2018 we saw the impact that TimpDoor, becoming the leading mobile backdoor family by more than 2x and showing how phishing over SMS is still effective to trick users into installing unknown applications.
• Continued financial threats spike globally – A global spike in banking Trojans on mobile devices has continued, targeting account holders of large multinational and small regional banks. Cybercriminals continue to innovate in different distribution vectors for this threat, from phishing SMS messages to applications with real functionality that gets its malicious payload to bypass security checks on app marketplaces.
• Mobile cryptomining – Cyber criminals are looking to find ways to add value to their digital wallets without the cost of doing their own mining. The popularity of Android-based devices not only makes them a prime target, but the latest cryptomining technique can jump from phone or tablet to smart TV to infect your entire environment.
• Spyware attacks spike on mobile – From Operation RedDawn, targeting North Korean defectors, and FoulGoal, possibly targeting Israeli FIFA World Cup fans, mobile devices remain an attractive target of nation state actors to gather intelligence and track victims.
• Increased risk of IoT attacks at home – The increasing proliferation of IoT devices are bringing conveniences that we could have never imagined, but they are also increasing the number of possible points of attack in our homes.