GUEST RESEARCH: The latest Operational Technology (OT)/IoT security report from Nozomi Networks Labs finds wiper malware, IoT botnet activity, and the Russia/Ukraine war impacted the threat landscape in the first half of 2022.
Since Russia began its invasion of Ukraine in February 2022, Nozomi Networks Labs researchers saw activity from several types of threat actors, including hacktivists, nation-state advanced persistent threats (APTs), and cyber criminals. They also observed the robust usage of wiper malware, and witness the emergence of an Industroyer malware variant (used in the cyberattack on Ukraine’s power grid), dubbed Industroyer2, developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.
Additionally, in the first half of 2022, malicious IoT botnet activity was on the rise and growing in sophistication. Nozomi Networks Labs set up a series of honeypots to attract these malicious botnets and capture their activity in order to provide additional insights into how threat actors target IoT. In this research, Nozomi Networks Labs analysts uncovered growing security concerns for both hard-coded passwords and internet interfaces for end-user credentials. From January to June 2022, Nozomi Networks honeypots found:
• March was the most active month with close to 5,000 unique attacker IP addresses collected.
• The top attacker IP addresses were associated with China and the United States.
• ‘root’ and ‘admin’ credentials were most often targeted and used in multiple variations as a way for threat actors to access all system commands and user accounts.
On the vulnerability front, manufacturing and energy continue to be the most vulnerable industries followed by healthcare and commercial facilities. In the first six months of 2022:
• CISA released 560 Common Vulnerabilities and Exposures (CVEs) – down 14% from the second half of 2021
• The number of impacted vendors went up 27%
• Affected products were also up 19% from the second half of 2021
“This year’s cyber threat landscape is complex,” said Nozomi Networks OT/IoT security research evangelist Roya Gordon. “Many factors including increasing numbers of connected devices, the sophistication of malicious actors, and shifts in attack motivations are increasing the risk for a breach or cyber-physical attack. Fortunately, security defenses are evolving too. Solutions are available now to give critical infrastructure organizations the network visibility, dynamic threat detection, and actionable intelligence they need to minimise risk and maximise resilience.”
Nozomi Networks’ OT/IoT Security Report provides security professionals with the latest insights needed to re-evaluate risk models and security initiatives, along with actionable recommendations for securing critical infrastructure. This latest report includes:
• A review of the current state of cybersecurity
• Trends in the threat landscape, and solutions for addressing them
• A recap of the Russia/Ukraine crisis, highlighting new related malicious tools and malware
• Insights into IoT botnets, corresponding indicators of compromises (IoCs) and threat actor tactics, techniques and procedures (TTPs).
• Recommendations and forecasting analysis
• Read OT/IoT Security Report: Cyber war insights, threats and trends, remediations
• Sign up for the webinar Nozomi Networks Labs first half 2022 OT/IoT security review: lessons for critical infrastructure
About Nozomi Networks
Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimise risk and complexity while maximizing operational resilience. www.nozominetworks.com
GET READY FOR XCONF AUSTRALIA 2022
Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.
In its fifth year, XConf is our annual technology event created by technologists for technologists.
Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.
Explore how at Thoughtworks, we are making tech better, together.
Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organization that aims to create technology employment pathways for First Nations Peoples.
Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event
GET YOUR TICKET!