OT/IoT Cybersecurity Trends and Insights

2024 1H Review | July 2024

Twice a year, Nozomi Networks Labs assesses the OT/IoT threat landscape by reviewing the latest ICS CVEs published by CISA, as well as data from anonymized customer telemetry and IoT botnet attacks on our global honeypots. These are the highlights from the first half of 2024.

Our security research report provides analysis and insight into:

Analysis of recently reported vulnerabilities
Attack statistics from OT environments
The IoT botnet landscape
Recommendations for strong defenses

Important! If you’re a Nozomi Networks customer, you are covered for the vulnerabilities and threats in this report with our Asset Intelligence and Threat Intelligence subscriptions curated by our Labs team.

The Rise of Nation-State Threats in OT Environments

This report covers the most recently observed and reported OT/IoT vulnerabilities, attacks and indicators seen in the wild. In parallel, nation-state threats have shifted from espionage to more destructive goals, exemplified by Volt Typhoon.

Although we don’t directly implicate a specific nation-state actor in our observations, these developments should be top of mind as the threat landscape evolves and new OT and IoT CVEs are released.

Newly Discovered CVEs and CWEs

[Figures: number of new advisories reported by CISA; total ICS-CERT vulnerabilities disclosed; total vendors affected by disclosed vulnerabilities]

Top OT Vulnerabilities

Three of the top five industries affected by new ICS CVEs — Critical Manufacturing, Energy, and Water and Wastewater — are sectors for which the U.S. and other governments have issued warnings about attacks (such as Volt Typhoon). Authorities are also stepping up cybersecurity oversight.

The top 5 CWEs mentioned in the advisories reinforce the importance of cyber hygiene basics such as sanitizing user input before processing it (CWE-20) and encrypting sensitive data (CWE-311).
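The first of those basics, improper input validation (CWE-20), is easy to state and easy to get wrong in an OT context. The following Python is an added illustration, not code from the report or from Nozomi Networks: it places a parameter-write handler that trusts its input next to one that validates the request against an allowlist of writable tags and their engineering limits before anything reaches the controller. The request syntax, the tag names, the limits and the in-memory `plc` dictionary are constructed assumptions.

```python
"""Validate an OT parameter-write request before acting on it (CWE-20).

Added example, not code from the Nozomi Networks report. The request
format ("WRITE <tag> <value>"), the tag table and the engineering limits
are assumptions constructed for illustration.
"""
from dataclasses import dataclass

# Constructed allowlist of writable tags with engineering limits (low, high).
# Any tag not listed here is rejected outright.
WRITABLE_TAGS = {
    "pump_speed_pct": (0.0, 100.0),
    "tank_setpoint_c": (10.0, 90.0),
    "valve_open_pct": (0.0, 100.0),
}


@dataclass
class WriteRequest:
    tag: str
    value: float


class InvalidRequest(ValueError):
    """Raised when a request fails validation; the controller is never touched."""


def parse_write_request(raw: str) -> WriteRequest:
    """Parse and validate a textual write request.

    Rejects malformed syntax, unknown tags, non-numeric values, NaN/inf,
    and values outside the tag's engineering limits.
    """
    parts = raw.strip().split()
    if len(parts) != 3 or parts[0] != "WRITE":
        raise InvalidRequest(f"malformed request: {raw!r}")
    _, tag, value_text = parts
    if tag not in WRITABLE_TAGS:
        raise InvalidRequest(f"tag not writable: {tag}")
    try:
        value = float(value_text)
    except ValueError:
        raise InvalidRequest(f"non-numeric value: {value_text!r}") from None
    # float() happily parses "nan" and "inf"; neither is a sane setpoint.
    if value != value or value in (float("inf"), float("-inf")):
        raise InvalidRequest("value must be finite")
    low, high = WRITABLE_TAGS[tag]
    if not low <= value <= high:
        raise InvalidRequest(f"{tag}={value} outside limits [{low}, {high}]")
    return WriteRequest(tag, value)


def is_valid_write_request(raw: str) -> bool:
    """Convenience wrapper: True if the request passes every check."""
    try:
        parse_write_request(raw)
        return True
    except InvalidRequest:
        return False


def unsafe_handle_write(raw: str, plc: dict) -> None:
    """The pattern CWE-20 describes: trust the input and act on it.

    Accepts any tag and any numeric value, so a request for 250% pump speed
    or a write to an unexpected tag goes straight through.
    """
    _, tag, value_text = raw.split()
    plc[tag] = float(value_text)


def safe_handle_write(raw: str, plc: dict) -> WriteRequest:
    """Validate first; only a request that passed every check reaches the plc."""
    req = parse_write_request(raw)
    plc[req.tag] = req.value
    return req


if __name__ == "__main__":
    for candidate in ("WRITE pump_speed_pct 42.5", "WRITE pump_speed_pct 250",
                      "WRITE firmware_image 1", "WRITE tank_setpoint_c nan"):
        print(f"{candidate!r:40} valid={is_valid_write_request(candidate)}")
```

The validating handler is the one a monitoring product would describe as "not producing illegal parameter requests": the allowlist bounds what can be written, and the range check bounds the values, so a request that is syntactically fine but physically unsafe is refused before it becomes an alert on the network.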

[Charts: Top 5 Sectors Affected by Disclosed Vulnerabilities (CVEs by industry); Top 5 CWEs Associated with CVEs]

Attack Statistics from OT Environments

Poor credential handling and brute-force attacks remain the most common security issues found in customer environments.

Customers in the Industrial Machinery & Equipment sector experienced the most alerts. Nearly half of them were illegal parameter requests, an OT-specific threat. See the report for a breakdown of top alerts by industry.

[Charts: Top critical threat activity seen in real-world environments over the last six months; Top five industries experiencing the highest number of alerts per customer]

The IoT Botnet Landscape

Cybercriminals continue to exploit factory-default or weak passwords to gain access to IoT devices. Once attackers have compromised a vulnerable device, they primarily use shell commands to explore the environment or achieve persistence.

Brute-force attempts remain a popular technique for gaining system access, since default credentials are one of the easiest ways threat actors gain access to IoT devices.

Remote Code Execution (RCE) also remains a popular technique, frequently used in targeted attacks and to propagate malware.
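As an added example for the brute-force and default-credential activity described above (illustrative code, not the report's or Nozomi Networks' own tooling), the following Python runs over a constructed honeypot login-attempt log and produces the two numbers a defender would want from it: which sources are hammering the device with attempts inside a short window, and how much of the traffic is factory-default credential pairs. The log format, the default-credential list, the attempt threshold and the window size are all assumptions.

```python
"""Summarise brute-force and default-credential activity from honeypot logs.

Added example, not code from the Nozomi Networks report. The log format,
the default-credential list, the threshold and the window are constructed
assumptions for illustration.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed set of factory-default username/password pairs. A real
# deployment would load the documented defaults for the devices it protects.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("root", "root"), ("admin", "1234"), ("user", "user"),
}

ATTEMPT_THRESHOLD = 5            # attempts from one source ...
WINDOW = timedelta(minutes=2)    # ... within this window count as brute force

# Constructed honeypot log: every line is a login attempt recorded by the decoy.
SAMPLE_LOG = [
    "ts=2024-03-01T10:00:00Z src=198.51.100.7 proto=telnet user=root pass=root",
    "ts=2024-03-01T10:00:05Z src=198.51.100.7 proto=telnet user=admin pass=admin",
    "ts=2024-03-01T10:00:10Z src=198.51.100.7 proto=telnet user=admin pass=1234",
    "ts=2024-03-01T10:00:15Z src=198.51.100.7 proto=telnet user=user pass=user",
    "ts=2024-03-01T10:00:20Z src=198.51.100.7 proto=telnet user=root pass=toor",
    "ts=2024-03-01T10:00:25Z src=198.51.100.7 proto=telnet user=root pass=root",
    "ts=2024-03-01T10:01:00Z src=203.0.113.9 proto=ssh user=ops pass=Summer2024",
    "ts=2024-03-01T10:09:00Z src=203.0.113.9 proto=ssh user=admin pass=admin",
]


def parse_line(line: str) -> dict:
    """Parse 'key=value' tokens; the ts field becomes an aware datetime."""
    fields = dict(token.split("=", 1) for token in line.split())
    fields["ts"] = datetime.fromisoformat(fields["ts"].replace("Z", "+00:00"))
    return fields


def brute_force_sources(lines) -> dict:
    """Return {src: peak attempts seen inside WINDOW} for sources that
    reached ATTEMPT_THRESHOLD; sources that never did are omitted."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peak = {}
    for ev in sorted(map(parse_line, lines), key=lambda e: e["ts"]):
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > WINDOW:     # slide the window forward
            q.popleft()
        if len(q) >= ATTEMPT_THRESHOLD:
            peak[ev["src"]] = max(peak.get(ev["src"], 0), len(q))
    return peak


def credential_summary(lines) -> dict:
    """Count which credential pairs were tried and how many were known defaults."""
    pairs = Counter((ev["user"], ev["pass"]) for ev in map(parse_line, lines))
    default_attempts = sum(n for pair, n in pairs.items() if pair in DEFAULT_CREDENTIALS)
    return {
        "total": sum(pairs.values()),
        "default_attempts": default_attempts,
        "top": pairs.most_common(3),
    }


if __name__ == "__main__":
    print("brute-force sources:", brute_force_sources(SAMPLE_LOG))
    print("credentials:", credential_summary(SAMPLE_LOG))
```

The sliding window is what separates a scanner that tries six passwords in thirty seconds from an operator who mistypes twice in an hour; the default-credential ratio is the metric that justifies the hygiene advice in the recommendations section, because it shows how much of the attack volume a changed password would have stopped.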

[Charts: IoT botnet attack source locations; IoT botnet unique daily attack IPs]

Recommendations for a Strong Defense

Here are specific actions defenders can take to reduce OT/IoT blind spots, maximize limited resources, increase operational resilience and reduce business risk.

Embrace a holistic cybersecurity strategy for IT, OT and IoT while acknowledging key differences that could cause harm or disruption.
Use playbooks, incident response plans and tabletop exercises to reduce the impact of a breach.
Continuously monitor your critical assets and enhance threat detection and response capabilities.
Leverage threat intelligence feeds and promote community collaboration through ETHOS or an ISAC.
Strengthen supply chain and critical infrastructure resilience by working to proactively reduce risks.
Connect the dots between nation-state actor activity and the indicators and anomalies you see in your environment.

Download the Complete OT & IoT Security Report
