ISP Headaches: 5 Devices You Shouldn’t Ignore

The latest cybersecurity report from CUJO AI Labs shows that 5 types of devices are affected by significantly more threats. These are, for the most part, preventable threats to IoT devices from known disreputable IP addresses, most of which are related to malware distribution (38%) and malicious scanning (28%). Overall, these types of threats make up almost half (47%) of threats affecting consumer home networks, according to the report that analyzes 1.95 billion threats stopped by CUJO AI Sentry in just 6 months.

The Device Threat Index

If we consider the raw number of threats to particular types of devices, smartphones and computers together are affected by over 75% of all cybersecurity threats. Nevertheless, this does not mean that an average smartphone will be more likely to come under threat, since they are very common – according to our device intelligence data , smartphones make up over 41% of all connected devices.

This is why, just as in last year’s cybersecurity report, we calculated a device threat index, which allows us to compare the average number of threats affecting devices of a particular type.

The threat index is the ratio of average threats per number of devices in a category. A group of devices with a threat index above (or below) 1.00 experiences more (or fewer) threats than an average device in the whole device population. For example, a device model with a threat index of 400 is affected by 10 times more threats on average than a device with a threat index of 40.

The threat index shows that the top 5 most attacked devices on average are:

1. Network-attached storage (NAS) devices
2. Digital video recorders (DVRs)
3. Smart home automation devices
4. Cameras
5. Desktop and laptop computers

Why These Devices?

Many NAS devices, DVRs, as well as other devices in the top 5 list, have poor configurations, such as weak default usernames and passwords, port forwards configured for remote access, unprotected debug interfaces, or outdated and vulnerable software components.

Many connected devices have open ports for various communications protocols. Some ports allow the owner to remotely access data or a video stream on the device, while others enable peer-to-peer communication and file sharing, online gaming, software updates, or other use cases.? Ports can be opened automatically through protocols like Universal Plug and Play (UPnP) or by configuring router settings manually. Automation simplifies the setup of a device and enables various services, but it can pose security risks by exposing the network to external threats.

Malicious actors frequently scan and probe networks to find and target ports that might be left open; therefore, implementing proper security measures is crucial for home network security. CUJO AI Sentry blocks such attempts from known malicious sources, protecting the devices, and allowing their owners to continue using them without obstructions.

Types of Threats to IoT Devices

Connections to and from known malicious IP addresses predominantly impact unattended IoT devices. While these threats make up almost half (47%) of all malicious activities stopped by CUJO AI Sentry, their targets are not as numerous as one might suspect. Our data shows that in an average month, all IP Reputation threats affect relatively few home networks (5.51%). Of these, over 78%, or 4.33% of all households, are affected by fewer than 20 threats. This means that a relatively minuscule number of end-users are targeted by many IP Reputation threats.

Our data shows that most disreputable IP addresses targeting consumer devices were related to malware distribution (38%), scanning and brute force attacks (28%), and spam (24%). While only 5% of all IP Reputation threats can be definitively attributed to specific botnets, it should be noted that botnets use techniques such as scanning, brute force, and malware distribution, which we attribute to their own categories, therefore the actual botnet activity is likely more significant.

Types of Threats to Computers

Computers make up around 17.5% of all connected devices, according to our device intelligence data. These devices are versatile and can run a large variety of operating systems and software. This versatility is also reflected in their threat data.

Computers are targeted by incoming IP Reputation threats almost ten times more often than mobile devices. This is because computers can have suboptimal configurations, such as particular ports open for online gaming or peer-to-peer file sharing (e.g., for the BitTorrent protocol), which make them vulnerable to malicious actors.

To find out more about the threats facing consumer devices, which ports are targeted most often, and what Safe Browsing threats consumers are most likely to encounter, download the full report .