In 2021, the exponential use of connected devices, applications and web services in our professional and private lives will increase the attack surface of the connected home to the point of raising major new risks for individuals and their employers.
The threat to connected homes is not new. However, the emergence of increased functionality in home and business devices, and the fact that these devices interconnect more than ever, is a novelty. Added to this is the historic growth in the use of telework, resulting in more use of these devices than ever.
The year 2020 saw the pandemic take workers from the office to the home, transforming the home environment into a work environment. Since the start of the Covid-19 crisis, monitoring of McAfee Secure Home Platform devices has shown an increase in 22% the number of connected home devices around the world. More than 70% of the traffic for these devices came from smartphones, laptops and desktops, and televisions, and over 29% came from IoT devices such as streaming devices, gaming consoles, connected clothing and accessories, and smart lights.
McAfee has seen cybercriminals focus more on the home attack surface with a surge in phishing messages across communication channels. The number of phishing links blocked by McAfee has increased by more than 21% from March to November 2020, with an average of over 400 links by household.
This increase is significant and suggests that a stream of phishing messages containing malicious links entered home networks through devices with the weakest security measures.
Millions of employees have taken on individual responsibility for their employer’s IT security, working in a home office with unprotected devices, from the kitchen to the living room to the bedroom. Many of these household appliances are “orphan”: their manufacturers do not properly support them with security updates to deal with new threats or vulnerabilities.
This contrasts with a professional environment where devices are reinforced by company-wide security measures. Employees now work with quality consumer equipment that they configure themselves. They lack central management, regular software updates and corporate security control.
This is why we believe that cybercriminals will make the home an attack surface for campaigns targeting not only users but also businesses. Hackers will take advantage of the lack of regular software updates, lack of security safeguards, weak privacy policies, vulnerability exploits, and users’ vulnerability to social engineering.
By compromising the home environment, these malicious actors will launch a series of attacks on business and consumer devices in 2021.