Nozomi Networks Researchers Take a Deep Look into the ICS Threat Landscape

Monitoring the constantly-evolving cyber threat landscape is essential in staying up-to-date on the latest threats and potential attack vectors. This allows organizations to anticipate vulnerabilities, proactively harden their systems, and implement countermeasures that can protect against malicious actors. By understanding how their networks may be susceptible to attack, organizations can take action to reduce the likelihood of a successful breach.

In the past six months, Nozomi Networks researchers have seen an increase in the number and severity of cyberattacks, disrupting businesses and critical infrastructure around the globe. Railways have been particularly targeted by attackers, necessitating increased protective protocols for rail operators. Additionally, hacktivists have utilized wiper malware as a means to undermine vital services for political reasons. With malicious actors continuously evolving their tactics, organizations must stay informed about the latest threats facing OT/IoT systems and take necessary steps to safeguard their assets from any potential attack.

Here are some of the highlights in our semi-annual OT/IoT Security Report, published today:

  • Cyberattacks on critical infrastructure
  • Hacktivist TTPs
  • Intrusion alerts affecting OT environments
  • Malware categories affecting IT, OT, and IoT
  • Top vulnerable industries
  • Recommendations and 2023 forecast

The Cyber Threat Landscape

In the second half of 2022, we’ve continued to see cyberattacks on critical infrastructure (namely rail), hacktivists causing disruptive attacks, thefts of technology source code, and use of wiper malware. Below is a timeline summarizing the most significant cyber events—cyberattacks, new policies, malware, etc.—from July to December 2022:

[Figure: Timeline of cyber attacks. In the second half of 2022, we’ve continued to see cyberattacks on critical infrastructure, hacktivist attacks, and wiper malware.]

In June and July 2022, the Mobarakeh Steel Company (MSC), Khouzestan Steel Company (KSC) and Hormozgan Steel Company (HOSCO) experienced a cyberattack that disrupted their websites and production lines. The attack was claimed by the hacktivist group Gonjeshke Darande, which had also employed wiper malware to disrupt the Iranian train system earlier in the year. This incident confirms that critical infrastructure is a target for malicious actors regardless of their motive or affiliation.

Between August and September, there were several disruptive attacks on manufacturing, oil, water, and electric utility companies. In October, a ransomware attack hit CommonSpirit Health, the fourth-largest U.S. health system with 140 affiliate hospitals. The attack led to delays in surgeries and other patient operations. There was also a series of cyberattacks across Europe. In December, a ransomware attack at the French hospital Corbeil-Essonnes resulted in a data leak and a disruption of operations.

In November, Continental – an automotive and rail technology giant that develops cutting-edge technologies such as automated braking systems, vehicle monitoring systems, and navigation systems – was hit with a cyberattack. The attackers had already breached Continental’s networks before they struck, which gave them access to numerous technical documents and source code pertaining to Continental’s advanced technologies. Attackers obtaining source code for these technologies is cause for major concern.

Exclusive Nozomi Networks Insights

In the report, we share exclusive statistics sourced from the fully anonymized detection telemetry of participating customer environments. We provide insights into the most critical intrusion alerts affecting IT, IoT, and OT environments.

We also share unique data collected by Nozomi Networks Labs honeypots, including:

  • Protocols involving hard-coded credentials
  • Attack source locations
  • Top credentials used
  • Top number of unique attacker IPs
  • Top attacker IP addresses
  • Top executed commands

This data can help security teams get a better understanding of the threats they face and validate their existing defense strategy and approach.

Download our full report for detailed trend and pattern graphs, as well as additional insights into the vulnerability landscape and industries most affected by published vulnerabilities.

Recommendations & Forecast

Organizations can take several steps to reduce the risk of cyberattacks on critical infrastructure, such as monitoring for new threats and attack vectors, performing regular security audits, encrypting stored data, ensuring that all software and hardware are up to date with the latest patches, and educating personnel about best practices for limiting exposure. Read our blog for our 2023 predictions.