Security threats in OT and IoT environments are increasing rapidly. Healthcare, energy and manufacturing are particularly affected.
Nozomi Networks Labs' analysis of unique telemetry data - collected from OT and IoT environments spanning a variety of use cases and industries worldwide - has revealed that malware-related security threats have increased 10x in the last six months. Across the broad categories of malware and potentially unwanted applications, activity increased by 96 percent. Threat activity related to access controls has more than doubled. Inadequate authentication and password hygiene topped the list of critical alerts for the second reporting period in a row - although activity in this category fell 22 percent compared to the previous reporting period.
Fewer authentication and password problems
“There is good news and bad news in our latest report,” said Chris Grove, Nozomi Networks director of cybersecurity strategy. “A significant decline in activity per customer in categories such as authentication and password issues and suspicious or unexpected network behavior suggests that efforts to secure systems in these areas are paying off. On the other hand, malware activity has increased dramatically, indicating an escalating threat landscape. It’s time to ‘put the pedal to the metal’ in strengthening our defenses.”
Access rights are seriously threatened
Below is a list of the top threats that have emerged in real-world environments over the past six months:
- Authentication and password issues: down 22%
- Network anomalies and attacks: up 15%
- Specific threats to operational technology (OT): down 20%
- Suspicious or unexpected network behavior: down 45%
- Access control and authorization: up 128%
- Malware and potentially unwanted applications: up 96%
When it comes to malware, denial of service (DoS) attacks remain one of the most common attacks on OT systems. Next comes the category of Remote Access Trojans (RATs), which attackers often use to gain control of compromised computers. Distributed denial of service (DDoS) threats are the biggest threat in IoT network domains.
Data from IoT honeypots
Malicious IoT botnets are also active this year. Nozomi Networks Labs identified growing security concerns as botnets continue to use default credentials to access IoT devices.
From January to June 2023, Nozomi Networks' honeypots recorded the following:
- An average of 813 individual attacks per day; the day with the highest number of individual attacks was May 1st, with 1,342 attacks
- Most of the attackers' IP addresses were associated with China, the United States, South Korea, Taiwan and India.
- Brute force attacks remain a popular technique for gaining access to systems; default credentials are one of the main ways threat actors gain access to IoT devices
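The honeypot figures above (attempts per day, peak day, default-credential use, brute-force sources) are the kind of summary a defender derives from raw authentication logs. The following is an added example, not Nozomi Networks' code or data: it parses a constructed honeypot login log (the lines, IP addresses and the default-credential list are all made up for illustration) and computes those summaries, including a sliding-window brute-force detector.

```python
"""Toy analysis of constructed IoT honeypot authentication logs.

Added example: the log lines and the default-credential list below are
constructed for illustration and are not Nozomi Networks telemetry.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log. Fields: timestamp, source IP, username, password, outcome.
SAMPLE_LOG = """\
2023-05-01T00:01:12Z 198.51.100.7 root root FAIL
2023-05-01T00:01:13Z 198.51.100.7 admin admin FAIL
2023-05-01T00:01:14Z 198.51.100.7 admin 1234 FAIL
2023-05-01T00:01:15Z 198.51.100.7 admin password FAIL
2023-05-01T00:01:16Z 198.51.100.7 root 12345 FAIL
2023-05-01T00:01:17Z 198.51.100.7 root s3cr3t!x FAIL
2023-05-01T03:12:00Z 203.0.113.9 support support FAIL
2023-05-02T11:45:31Z 192.0.2.44 admin admin SUCCESS
2023-05-02T11:46:02Z 192.0.2.44 pi raspberry FAIL
2023-05-03T08:00:00Z 203.0.113.9 root Tq8zR1 FAIL
"""

# Constructed set of factory-default username/password pairs (an assumption, not from the report).
DEFAULT_CREDENTIALS = {
    ("root", "root"), ("admin", "admin"), ("admin", "1234"),
    ("admin", "password"), ("root", "12345"), ("pi", "raspberry"),
    ("support", "support"),
}


def parse_log(text):
    """Parse whitespace-separated log lines into records with a datetime timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, password, outcome = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip, "user": user, "password": password, "outcome": outcome,
        })
    return records


def daily_counts(records):
    """Login attempts per calendar day; this is what an 'attacks per day' figure is built from."""
    return Counter(r["ts"].date().isoformat() for r in records)


def peak_day(records):
    """(day, attempts) for the busiest day in the log."""
    day, count = daily_counts(records).most_common(1)[0]
    return day, count


def average_daily(records):
    """Mean attempts per day over the days that saw any traffic."""
    counts = daily_counts(records)
    return sum(counts.values()) / len(counts)


def default_credential_hits(records):
    """How often each known default username/password pair was tried."""
    return Counter((r["user"], r["password"]) for r in records
                   if (r["user"], r["password"]) in DEFAULT_CREDENTIALS)


def successful_default_logins(records):
    """Source IPs that actually logged in with a factory-default pair: the finding that matters most."""
    return sorted({r["ip"] for r in records
                   if r["outcome"] == "SUCCESS"
                   and (r["user"], r["password"]) in DEFAULT_CREDENTIALS})


def brute_force_sources(records, threshold=5, window_seconds=60):
    """IPs with at least `threshold` failed attempts inside any `window_seconds` sliding window."""
    failures = defaultdict(list)
    for r in records:
        if r["outcome"] == "FAIL":
            failures[r["ip"]].append(r["ts"])
    flagged = set()
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until the window spans at most window_seconds.
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("peak day:", peak_day(recs))
    print("average per day:", round(average_daily(recs), 2))
    print("default-credential attempts:", default_credential_hits(recs))
    print("successful default logins:", successful_default_logins(recs))
    print("brute-force sources:", brute_force_sources(recs))
```

The sliding window is deliberately per source IP and per failed attempt, so a single noisy host is flagged while two isolated failures days apart from the same address are not; the threshold and window are parameters because the right values depend on how chatty legitimate clients are on a given network. The successful-default-login list is the item to act on first: every device it points at still carries factory credentials.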
ICS vulnerabilities
The most vulnerable sectors remain manufacturing, energy and water/wastewater. The food and agriculture and chemicals sectors move into the top five, displacing the transportation and healthcare sectors, which were among the top five most at-risk industries in Nozomi's last half-year report. For the first half of the year, the following was noted:
- CISA published 641 common vulnerabilities and exposures (CVEs)
- 62 vendors were affected
- Out-of-bounds read and out-of-bounds write vulnerabilities remained among the top CVE categories; both underlie several different attack types, including buffer overflow attacks
About Nozomi Networks
Nozomi Networks accelerates digital transformation by protecting critical infrastructure, industrial and government organizations from cyber threats. Nozomi Networks' solution provides exceptional network and asset visibility, threat detection and insights for OT and IoT environments. Customers rely on it to minimize risk and complexity while maximizing operational resilience.