Nokia’s 2020 Report Shows Mobile and IoT Threat Explosion

Last updated September 24, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer
Source: Nokia

Nokia’s Threat Intelligence Report 2020 is out, and it records the deep effects that the COVID-19 pandemic had in the threat landscape and how the rise of the IoT is creating a huge new space for hackers to exploit. Here are the most important findings of Nokia’s researchers and how they compare with last-year stats.

The adoption of IoT devices is rapidly creating a new space, and malware authors are feverishly working on the development of capable bots that can take over these devices. Last year, the percentage of IoT infections was 16.17%, while this year, it is 32.72%. Windows infections remained mostly stable, iPhone infections rose slightly, and Android infections fell significantly. The researchers believe that this is due to the shift of attention from Android to IoT, and also the work that was done to upgrade the security of Android in general.

Source: Nokia

The type of malware that hits Android devices the most is spyware (32.67%), while adware (24.55%) and generic trojans (20.84%) follow closely behind. Banking trojans still account for a significant percentage (13%).

Source: Nokia

As for IoT infections, coin miners are the main thing here as they are making money for those who planted them.

Source: Nokia

When considering the effects of COVID-19, we first see a spike in residential network targeting in May and June 2020. This is indicative of the situation, as all malicious actors focused on targeting people who worked from home.

Source: Nokia

By counting the total mobile malware samples that Nokia’s labs were able to capture, we clearly see the upward trend continuing in 2020. The year over year increase is 17.4%, and the number of individual samples collected and analyzed has reached a mind-blowing 27 million.

Source: Nokia

Brandon Hoffman, Chief Information Security Officer at Netenrich, has shared the following comment with us on the above stats:

Some theories on why IoT infections have become so valuable to cybercriminals are that they are unmonitored devices. Cybercriminals need infrastructure to perpetrate their attacks. As devices at home and other “things” become smarter and have computing capacity they don’t need, cybercriminals can snap that computing power up and use it to perform attacks, transfer data anonymously, and store it in places people aren’t looking. The pandemic has certainly increased the attack surface of IoT devices because people are not spending money on vacations and therefore are buying more “things” for their homes.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: