The latest OT/IoT security report from Nozomi Networks shows that wiper malware and IoT botnets dominate threats to industrial control systems.
Researchers have observed robust use of wiper malware and seen the emergence of an Industroyer variant, dubbed Industroyer2, developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.
Over the first half of 2022, malicious IoT botnet activity has been on the rise and growing in sophistication. Nozomi Networks Labs set up a series of honeypots to attract these malicious botnets and capture their activity in order to provide additional insights into how threat actors target IoT.
From January to June 2022 the honeypots found the top attacker IP addresses were associated with China and the United States. The credentials most often targeted are ‘root’ and ‘admin’, and these are used in multiple variations as a way for threat actors to access all system commands and user accounts. March has been the most active month so far with close to 5,000 unique attacker IP addresses collected.
Manufacturing and energy continue to be the most vulnerable industries followed by healthcare and commercial facilities. In the first six months of the year CISA released 560 Common Vulnerabilities and Exposures (CVEs) — down 14 percent from the second half of 2021. The number of impacted vendors is up 27 percent and affected products were also up 19 percent over the same period.
“This year’s cyber threat landscape is complex,” says Roya Gordon, Nozomi Networks OT/IoT security research evangelist. “Many factors including increasing numbers of connected devices, the sophistication of malicious actors, and shifts in attack motivations are increasing the risk for a breach or cyber-physical attack. Fortunately, security defenses are evolving too. Solutions are available now to give critical infrastructure organizations the network visibility, dynamic threat detection, and actionable intelligence they need to minimize risk and maximize resilience.”