Nozomi Networks Reported Increased Threat Activity in OT and IoT Environments

Highlights:

Honeypots from Nozomi Networks recorded an average of 813 unique attacks per day from January to June, with a peak of 1,342 on May 1.

Nozomi Networks Inc., a firm specializing in industrial cybersecurity, has issued a new report warning of an alarming increase in malware activity in operational technology and Internet of Things environments.

The Nozomi Networks Labs OT and amp; IoT Security Report compiled Unpacking the Threat Landscape with Unique Telemetry Data using telemetry data collected from OT and IoT environments across the globe, encompassing a wide range of use cases and industries. The report discovered that malware-related security threats increased twentyfold over the past six months, while malware and potentially intrusive application activity nearly doubled.

Among critical threat activities, the report details variations in various domains. Authentication and password issues decreased, while network anomalies, attacks, access control, and authorization increased significantly.

Regarding malware, it was discovered that denial-of-service activity remained prevalent against OT systems. After DoS attacks, remote access trojan attacks are noted for establishing control over compromised devices. In IoT network domains, it was discovered that distributed denial of service attacks continue to pose the greatest threat.

The researchers from Nozomi Networks used IoT honeypots to collect data for the report, discovering ongoing security issues with malicious IoT botnets. Honeypots from Nozomi Networks recorded an average of 813 unique attacks per day from January to June, with a peak of 1,342 on May 1. One of the most common methods used by threat actors to obtain access to IoT devices was brute-force attempts employing default credentials.

The manufacturing, wastewater, energy and water sectors were found to be the most susceptible to vulnerabilities. Regarding exposure to vulnerabilities, the food, agriculture, and chemical sectors have joined the top five, displacing transportation and healthcare, which had previously occupied the top five positions during the reporting period.

Chris Grove, Nozomi Networks’s Director of Cybersecurity Strategy, said, “There’s good news and bad news in this latest report. A significant decrease in activity per customer in categories such as authentication and password issues and suspicious or unexpected network behavior suggests that efforts to secure systems in these areas may be paying off. On the other hand, malware activity increased dramatically, reflecting an escalating threat landscape. It’s time to ‘put the pedal to the metal’ in shoring up our defenses.”