IoT botnet DDoS traffic increases fivefold

  • June 7, 2023
  • Steve Rogerson
Sixty per cent of attacks in telecom mobile networks are linked to IoT bots scanning for vulnerable hosts.

IoT botnet DDoS (distributed denial of service) traffic increased fivefold over the past year, following Russia’s invasion of Ukraine, according to the latest Nokia Threat Intelligence Report.

The IoT botnet DDoS traffic originates from a large number of insecure IoT devices and is aimed at disrupting telecom network services for millions of users. The fivefold increase over the past year followed Russia’s invasion of Ukraine and also stems from the growing number of profit-driven hacking collectives operated by cyber criminals.

This sharp increase, also driven by the growing use of IoT devices by consumers around the world, was first noticed at the beginning of the Russia-Ukraine conflict but has since spread to other parts of the world, with botnet-driven DDoS attacks being used to disrupt telecom networks as well as other critical infrastructure and services.

The number of IoT devices (bots) engaged in botnet-driven DDoS attacks rose from around 200,000 a year ago to approximately one million devices, generating more than 40% of all DDoS traffic today.

The most common malware in telecommunication networks was found to be bot malware that scans for vulnerable devices, a tactic associated with a variety of IoT botnets. There are billions of IoT devices worldwide, such as smart refrigerators, medical sensors and smart watches, many of which have lax security protections.

The report also found the number of trojans targeting personal banking information in mobile devices has doubled to 9%, putting millions of users around the world at heightened risk of having their personal financial and credit-card information stolen. A trojan is nefarious software code disguised as being safe for use.

The report, however, did find some encouraging news, showing that malware infections in home networks declined from a Covid-high of 3% to 1.5%, close to the pre-pandemic level of 1%, as malware campaigns targeting the wave of at-home workers tapered off, and more people returned to office work environments.

“The key findings in this report underline both the scale and sophistication of cyber-criminal activity today,” said Hamdy Farid, senior vice president at Nokia. “A single botnet DDoS attack can involve hundreds of thousands of IoT devices, representing a significant threat to networks globally. To mitigate the risks, it’s essential that service providers, vendors and regulators work to develop more robust 5G network security measures, including implementing telco-centric threat detection and response, as well as robust security practices and awareness at all company levels.”

These findings are based on data aggregated from monitoring network traffic on more than 200 million devices globally where the Nokia NetGuard Endpoint Security product is deployed.

The report is compiled by experts at the Threat Intelligence Center in Canada, Nokia Cyber Security Center in France, Nokia Security Operations Center in India, and Nokia Deepfield, the part of Nokia that focuses on software applications covering network analytics and DDoS security.