In the first half of 2023, malware activity in OT and IoT environments worldwide jumped 10x and alerts on unwanted applications doubled as nation-states, criminal groups and hacktivists continue to target healthcare, energy and manufacturing
SAN FRANCISCO, August 1, 2023 — The latest Nozomi Networks Labs OT & IoT Security Report released today finds malware activity and alerts on unwanted applications increased dramatically in OT and IoT environments as nation-states, criminal groups and hacktivists continue to target healthcare, energy and manufacturing.
Real World Telemetry
Unique telemetry from Nozomi Networks Labs – collected from OT and IoT environments covering a variety of use cases and industries worldwide – found malware-related security threats spiked 10x over the last six months. In the broad category of malware and potentially unwanted applications, activity increased 96 percent. Threat activity related to access controls more than doubled. Poor authentication and password hygiene topped the list of critical alerts for a second consecutive reporting period – though activity in that category declined 22 percent over the previous reporting period.
“There’s good news and bad news in this latest report,” said Chris Grove, Nozomi Networks Director of Cybersecurity Strategy. “A significant decrease in activity per customer in categories such as authentication and password issues and suspicious or unexpected network behavior suggests that efforts to secure systems in these areas may be paying off. On the other hand, malware activity increased dramatically, reflecting an escalating threat landscape. It’s time to ‘put the pedal to the metal’ in shoring up our defenses.”
Below is the list of top critical threat activity in real world environments over the last six months:
Specific to malware, denial-of-service (DOS) activity remains one of the most prevalent attacks against OT systems. This is followed by the remote access trojan (RAT) category commonly used by attackers to establish control over compromised machines. Distributed denial of service (DDoS) threats are the top threat In IoT network domains.
Data from IoT Honeypots
Malicious IoT botnets remain active this year. Nozomi Networks Labs uncovered growing security concerns as botnets continue to use default credentials in attempts to access IoT devices.
From January through June 2023, Nozomi Networks honeypots found:
On the vulnerability front, Manufacturing and Energy and Water/Wastewater remain the most vulnerable industries. Food & Agriculture and Chemicals move into the top five replacing Transportation and Healthcare which were among the top 5 most vulnerable sectors in our previous six-month reporting period. In the first half of 2023:
Nozomi Networks Labs “OT & IoT Security Report: Unpacking the Threat Landscape with Unique Telemetry Data” provides security professionals with the latest insights needed to re-evaluate risk models and security initiatives, along with actionable recommendations for securing critical infrastructure.
Nozomi Networks protects the world’s critical infrastructure from cyber threats. Our platform uniquely combines network and endpoint visibility, threat detection, and AI-powered analysis for faster, more effective incident response. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com