The latest Nozomi Networks Labs OT & IoT Security Report: Unpacking the Threat Landscape with Unique Telemetry Data shows that malware activity and alerts about unwanted applications have increased dramatically in OT and IoT environments. This is because nation states, criminal groups, and hacktivists continue to target healthcare, energy, and manufacturing.
Nozomi Networks Labs analysis of unique telemetry data – collected across OT and IoT environments spanning a variety of use cases and industries worldwide – has revealed that malware-related security threats have increased 10x in the last six months. In the broad categories ofMalware and potentially unwanted applications increased activity by 96 percent. Access control threat activity has more than doubled. Poor authentication and password hygiene topped the list of critical alerts for the second reporting period in a row – although activity in this category decreased by 22 percent compared to the previous reporting period.
“There is good news and bad news in our most recent report,” said Chris Grove, Nozomi Networks director of cybersecurity strategy. “A significant drop in activities per customer in categories such as authentication and password issues and suspicious or unexpected network behavior indicates that efforts to secure systems in these areas are paying off. On the other hand, malware activity has increased dramatically, indicating an escalating threat landscape. It’s time to ‘step the gas pedal’ in beefing up our defenses.”
The following is a list of the top threats that have emerged in real-world environments over the past six months:
- Authentication and password issues — 22% down.
- Network anomalies and attacks – 15% increase
- Specific Operational Technology (OT) Threats – minus 20%
- Suspicious or unexpected network behavior – minus 45%
- Access control and authorization – up 128%
- Malware and potentially unwanted applications – up 96%
When it comes to malware , denial of service (DOS) attacks remain one of the most common attacks on OT systems. Next comes the category of Remote Access Trojans (RAT), which are commonly used by attackers to take control of compromised machines. Distributed Denial of Service (DDoS) threats are the biggest threat in IoT network domains.
Data from IoT honeypots
Malicious IoT botnets are also active this year. Nozomi Networks Labs identified growing security concerns as botnets continue to use default credentials to access IoT devices.
From January to June 2023, the following honeypots were detected by Nozomi Networks:
- Average of 813 unique attacks daily – the day with the highest number of unique attacks was May 1st with 1,342 attacks
- Most of the attackers’ IP addresses were associated with China, the United States, South Korea, Taiwan and India.
- Brute force attacks remain a popular technique to gain system access – default credentials are one of the main ways threat actors gain access to the IoT
The sectors most at risk remain manufacturing, energy and water/wastewater. Food & Agriculture and Chemicals sectors move into the top 5, displacing transportation and healthcare, which were among the top 5 most vulnerable sectors in Nozomi’s most recent semi-annual report. In the first half of 2023, the following was observed:
- CISA published 641 common vulnerabilities and exposures (CVEs)
- 62 providers were affected
- Out-of-bounds read and out-of-bounds write vulnerabilities remained in the top CVEs – both are vulnerable to several different attacks, including buffer overflow attacks