Twice a year the Nozomi Networks Labs team assesses the OT/IoT threat landscape, leveraging a vast network of globally distributed honeypots, wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources. Except for IoT botnet activity captured by our honeypots, all data in this report derives from anonymized telemetry from participating Nozomi Networks customers.
Here are highlights from our latest report, covering the first half of 2025.
Read the full report for deeper insights into:
Important! If you’re a Nozomi Networks customer, you are covered for the vulnerabilities and threats in this report. Asset intelligence and threat intelligence about them are baked into our platform by the Labs team.
Industries increasingly rely on wireless technologies for critical operations, yet the vast majority of Wi-Fi Protected Access 2 (WPA2, the current wireless gold standard) networks are missing basic MFP protection, a critical feature that defends against manipulation of control frames.
Among the top ICS vulnerabilities published during this period that were found in customer environments, six out of 10 have a CVSS risk score of 8.8 (high), representing a significant threat.
Other vulnerabilities have a lower risk score, but many of them either don’t require authentication or let attackers bypass it, making them much easier to exploit.
Transportation rose from #4 six months ago to #1 during this period, displacing Manufacturing as the most targeted sector among our customers.
Based on alerts gathered from anonymized telemetry, various Denial of Service (DoS) attacks comprised over a third of techniques detected in customer environments.
During this period, the U.S. overtook China as the location of the greatest number of compromised devices originating attacks. This is the first time that China hasn’t been #1 since we began monitoring botnet activity in 2022. Brute-forcing default SSH and Telnet credentials that grant high privileges is still the top technique cybercriminals use to gain access to IoT devices, a stark reminder to change default credentials immediately and enforce strong credential management.
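Detection logic for the default-credential brute forcing described above, as an added example that is not part of the Nozomi Networks report: it parses constructed sshd log lines, flags a source that fails repeatedly against factory-default account names within a short window, and escalates the verdict when a later default-account login from that source succeeds. The default account list, thresholds and log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample sshd auth log (syslog format); not taken from the report.
SAMPLE_LOG = """\
Jan 17 03:12:01 gw sshd[4311]: Failed password for root from 203.0.113.10 port 51022 ssh2
Jan 17 03:12:02 gw sshd[4312]: Failed password for invalid user admin from 203.0.113.10 port 51023 ssh2
Jan 17 03:12:02 gw sshd[4313]: Failed password for root from 203.0.113.10 port 51024 ssh2
Jan 17 03:12:03 gw sshd[4314]: Failed password for invalid user support from 203.0.113.10 port 51025 ssh2
Jan 17 03:12:04 gw sshd[4315]: Failed password for root from 203.0.113.10 port 51026 ssh2
Jan 17 03:12:05 gw sshd[4316]: Accepted password for root from 203.0.113.10 port 51027 ssh2
Jan 17 03:40:00 gw sshd[4400]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan 17 03:55:00 gw sshd[4401]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""
# Account names commonly shipped as factory defaults on IoT/OT devices (assumed list).
DEFAULT_ACCOUNTS = {"root", "admin", "support", "user", "guest"}
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

def detect_default_cred_bruteforce(log_text, threshold=4, window_sec=60, year=2025):
    """Return {source_ip: verdict}: 'brute_force' when >= threshold failed logins against
    default accounts fall inside window_sec, 'brute_force_then_success' if one later succeeds."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] not in DEFAULT_ACCOUNTS:
            continue  # ignore malformed lines and logins to non-default accounts
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        (failures if m["result"] == "Failed" else successes)[m["ip"]].append(ts)

    findings = {}
    for ip, times in failures.items():
        times.sort()
        burst_end = None
        for i, start in enumerate(times):
            # Sliding window: count failures within window_sec of this one
            j = i
            while j + 1 < len(times) and (times[j + 1] - start).total_seconds() <= window_sec:
                j += 1
            if j - i + 1 >= threshold:
                burst_end = times[j]
                break
        if burst_end is None:
            continue
        hit = any(t >= burst_end for t in successes.get(ip, []))
        findings[ip] = "brute_force_then_success" if hit else "brute_force"
    return findings
```

A real deployment would feed the same function from Telnet and device-console logs as well, and treat the "brute_force_then_success" verdict as a compromised-device alert rather than a noisy scan.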
Tracking daily botnet attack volume, we see that activity peaked on January 17, 2025, similar in volume to the peak we observed in customer environments in September 2024. Both spikes appear to be related to Mirai variant attacks.
Here are specific actions defenders can take to remove OT/IoT blind spots, maximize limited resources, increase operational resilience and reduce business risk.
