OT/IoT Security Report: Botnets Attack IIoT


A cybersecurity threat analysis for the second half of 2022: botnet-driven cyberattacks on critical infrastructure with IoT/OT continued, targeting rail transport, the energy sector, manufacturing and hospitals.

The latest OT/IoT Security Report from Nozomi Networks Labs reveals that wiper malware, IoT botnet activity, and the Ukraine war were major drivers of the 2022 threat landscape. As in the first half of 2022, the company's researchers observed cybercriminals shifting their tactics from data theft and distributed denial of service (DDoS) attacks to more destructive malware. The aim was to destabilize critical infrastructure and to strengthen their political position in the Ukraine war.

Rail traffic as a target

"Over the past six months, cyberattacks have increased significantly, causing severe disruption across industries from transportation to healthcare," said Roya Gordon, Nozomi Networks OT/IoT Security Research Evangelist. "Rail transport in particular has been hit by attacks, which has led to the introduction of measures to protect rail operators and their facilities. As cyber threats continue to evolve and intensify, it is important for organizations to understand how OT/IoT is being threatened and what actions are needed to protect critical assets."

Nozomi Networks Labs' analysis of intrusion alerts and intrusion attempts at customers over the past six months found that weak/plaintext passwords and weak encryption pose the top threats to critical infrastructure access. Brute force and DDoS attempts followed. Trojans were the most frequently detected malware targeting enterprise IT networks, Remote Access Tools (RATs) were the top malware used against OT, and DDoS malware was the malware of choice against IoT devices.

IoT botnets continue to attack

The activity of malicious IoT botnets remained high and even increased in the second half of 2022. Nozomi Networks Labs reported growing security concerns as botnets continue to use default credentials to access IoT devices.

From July to December 2022, experts at Nozomi Networks also found the following using honeypots:

  • Attacks peaked in July, October, and December, with more than 5,000 individual attacks each.
  • Most of the attackers' IP addresses came from China, the USA, South Korea and Taiwan.
  • "Root" and "admin" credentials are still the most commonly used by attackers to gain initial access and escalate their privileges once on the network.

In terms of industry vulnerability, manufacturing and energy remain the most vulnerable sectors, followed by water/wastewater, healthcare and transport systems. In the last six months of 2022, the following was determined:

  • CISA released 218 Common Vulnerabilities and Exposures (CVEs) -- a 61 percent decrease from the first half of the year.
  • 70 providers were affected - an increase of 16 percent compared to the previous reporting period.
  • The number of affected products has also increased by 6 percent compared to the first half of 2022.

Nozomi Networks' OT/IoT Security Report: A Deep Look into the ICS Threat Landscape provides security professionals with the latest insights they need to reassess risk models and security initiatives, as well as actionable recommendations for securing critical infrastructure.

More at NozomiNetworks.com

 


About Nozomi Networks

Nozomi Networks accelerates digital transformation by protecting critical infrastructure, industrial and government organizations from cyber threats. Nozomi Networks' solution provides exceptional network and asset visibility, threat detection and insights for OT and IoT environments. Customers rely on it to minimize risk and complexity while maximizing operational resilience.


 
