Report reveals malware activity in OT and IoT environments worldwide jumped 10x the first half of 2023.
The latest Nozomi Networks Labs OT and IoT Security Report: Unpacking the Threat Landscape with Unique Telemetry Data, shows malware activity and alerts on unwanted applications increasing dramatically in OT and IoT environments.
Unique telemetry from Nozomi Networks Labs – collected from OT and IoT environments covering a variety of use cases and industries worldwide – found malware-related security threats spiked 10x over the last six months.
In the broad category of malware and potentially unwanted applications, activity increased 96%.
Threat activity related to access controls more than doubled.
Poor authentication and password hygiene topped the list of critical alerts for a second consecutive reporting period – though activity in that category declined 22% over the previous reporting period.
Chris Grove, Director of Cybersecurity Strategy, Nozomi Networks, said: “A significant decrease in activity per customer in categories such as authentication and password issues and suspicious or unexpected network behaviour suggests that efforts to secure systems in these areas may be paying off.
“On the other hand, malware activity increased dramatically, reflecting an escalating threat landscape.
“It’s time to ‘put the pedal to the metal’ in shoring up our defences.”
Top critical threat activity in real world environments over the last six months were:
- Authentication and Password Issue – down 22%
- Network Anomalies and Attacks – up 15%
- Operational Technology (OT) Specific Threats – down 20%
- Suspicious or Unexpected Network Behaviour – down 45%
- Access Control and Authorisation – up 128%
- Malware and Potentially Unwanted Applications – up 96%
Specific to malware, denial-of-service (DOS) activity remains one of the most prevalent attacks against OT systems, followed by the remote access trojan (RAT) category commonly used by attackers to establish control over compromised machines.
Distributed denial of service (DDoS) threats are the top threat In IoT network domains.
Malicious IoT botnets remain active this year. Nozomi uncovered growing security concerns as botnets continue to use default credentials in attempts to access IoT devices.
Findings from January- June 2023 were:
- An average of 813 unique attacks daily – the highest attack day hit 1,342 on May 1
- Top attacker IP addresses were associated with China, the United States, South Korea, Taiwan and India
- Brute-force attempts remain a popular technique to gain system access – default credentials are one of the main ways threat actors gain access to IoT
On the vulnerability front, Manufacturing and Energy and Water/Wastewaterremain the most vulnerable industries.
Food and Agriculture and Chemicals move into the top five replacing Transportation and Healthcare which were among the top five most vulnerable sectors in the previous six-month reporting period.
In the first half of 2023:
- CISA released 641 Common Vulnerabilities and Exposures (CVEs)
- 62 vendors were impacted
- Out-of-Bounds Read and Out-of-Bounds Write vulnerabilities remained in the top CWEs – both are susceptible to several different attacks including buffer overflow attacks.
