CUJO AI has released its latest annual report analyzing cybersecurity threats, based on anonymized data from 1.8 billion devices. The company, which offers AI-driven software protecting end-user networks and devices connected to it, says it prevented over 2 billion threats between May 1 and November 1, with over 67% of home networks experiencing at least one online threat per month.

According to CUJO AI's data, 25 brands were targeted by over 70% of all threats, with some brands' devices far more widespread. So although both Apple and Samsung are in the top five of most targeted devices, with 6.77% and 4.89%, respectively, of all threats detected, the threat index (the ratio of threats to device) for both brands is among the lowest of the 25. On the other hand, the highest threat scores were recorded among brands with relatively low device populations.

Figure 1: Consumer behavior is the main culprit in threats facing computers and smartphones.
(Source: Marcos Alvarado/Alamy Stock Photo)

The report points out that computer and smartphone security – or lack thereof – stems from user behavior, such as trying to access phishing and malware distribution websites. The software vendor notes that 56% of end users attempt to access content such as social engineering, fraud and phishing websites at least once every month.

Unattended devices suffer from poor configuration and late updates

Unattended devices' exposure to threats, meanwhile, depends on vendors and device configuration. These devices most commonly face IP reputation threats, meaning "connections to and from IP addresses that have a low reputation (e.g., are used to command and control botnets)," as per the report. This issue can be exacerbated by delays in updates that respond to newly discovered vulnerabilities.

Network-attached storage devices have the highest threat index of all devices, partly because they may hold valuable information that can be exploited for ransomware attacks. Their ports must be opened for data to be accessed, which can make them visible to attackers. Digital video recorders are another frequently attacked category, as are Internet protocol cameras and baby monitors.

In a joint press release with Sky Italia, CUJO AI said there is also an increasing risk stemming from a growing number of end-of-life devices that have become unsupported, feeding into the frequency of DDoS attacks and botnets. It is of course worth noting that protecting even outdated devices is one of the claims CUJO AI makes for its CUJO AI Sentry product offered to network operators.

Among other risks highlighted by the cybersecurity firm is the rise of adware – meaning software that opens pop-ups containing ads – as well as the emergence of Web3 scams among phishing attempts.

One example is scams that trick the user into transferring a non-fungible token into someone else's wallet. Although the company warns about their growing frequency, Web3-related scams still represent only 0.5% of newly detected phishing threats. Conveniently, CUJO AI rolled out a feature protecting against such scams last year. Many, including McKinsey, have nevertheless warned of security risks that continue to plague the Web3 ecosystem.

Related posts:

— Tereza Krásová, Associate Editor, Light Reading