In the first half of 2022, the threat landscape was disrupted by wiper malware, IoT botnet activity, and the Russia/Ukraine war, according to the most recent OT/IoT security report from Nozomi Networks Labs.
Researchers at Nozomi Networks Labs have observed activity from a variety of threat actors, including hacktivists, nation-state APTs, and cybercriminals, since Russia began its invasion of Ukraine in February 2022. They saw the widespread deployment of wiper malware and the emergence of Industroyer2, a new variant of the Industroyer malware built to abuse the IEC-104 protocol (IEC 60870-5-104), which is widely used to control equipment in industrial environments.
Malicious IoT botnet activity also grew in volume and sophistication in the first half of 2022. To learn more about how threat actors target IoT devices, Nozomi Networks Labs set up a number of honeypots to attract these botnets and record their behavior. From that data, the Labs' analysts found growing security problems with both hard-coded passwords and end-user credentials on internet-facing interfaces. Between January and June 2022, Nozomi Networks' honeypots recorded the following:
- The most active month was March, when nearly 5,000 different attacker IP addresses were collected
- China and the United States were the two countries with the most attacker IP addresses
- Threat actors most frequently tried variations of the ‘root’ and ‘admin’ usernames, since those accounts grant access to all system commands and user accounts
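The honeypot findings above are the output of a simple aggregation over login-attempt logs: unique attacker IPs per month, and which usernames (especially root/admin variants) are being guessed. The script below is an added example, not Nozomi Networks Labs' own tooling; it parses a constructed, simplified log format (timestamp, source IP, username/password, result) that is an assumption for illustration. Real honeypots such as Cowrie emit richer JSON, so only `parse_line()` would need adapting.

```python
"""
Aggregate honeypot login attempts: unique attacker IPs per month, the most
guessed usernames, the share of root/admin-style guesses and any successes.

Added example; not code from Nozomi Networks Labs. The line format handled
here is a constructed, simplified one (assumption): adapt parse_line() for a
real honeypot such as Cowrie, which logs JSON events instead.
"""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed sample log lines using documentation-range IPs (not real attackers).
SAMPLE_LOG = """\
2022-03-14T02:11:05Z 203.0.113.7 login attempt [root/123456] failed
2022-03-14T02:11:09Z 203.0.113.7 login attempt [root/password] failed
2022-03-15T11:40:51Z 198.51.100.23 login attempt [admin/admin] failed
2022-03-15T11:40:55Z 198.51.100.23 login attempt [Admin1/admin123] failed
2022-03-20T23:59:59Z 192.0.2.200 login attempt [pi/raspberry] failed
2022-04-01T00:00:01Z 192.0.2.200 login attempt [root/] failed
2022-04-02T08:15:00Z 203.0.113.99 login attempt [administrator/Passw0rd] failed
2022-04-02T08:15:03Z 203.0.113.99 login attempt [ubnt/ubnt] succeeded
garbage line that should be skipped
"""

# One attempt per line: ISO date, source IP, "[user/password]", outcome.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2})T\S+\s+(?P<ip>\S+)\s+login attempt "
    r"\[(?P<user>[^/\]]*)/(?P<pw>[^\]]*)\]\s+(?P<result>failed|succeeded)$"
)

# Catches 'root', 'admin' and variants such as Admin1 or administrator.
PRIV_USER_RE = re.compile(r"(root|admin)", re.IGNORECASE)


def parse_line(line):
    """Return a record dict for a well-formed attempt line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip_address(m["ip"])  # drop lines whose source address is malformed
    except ValueError:
        return None
    return {
        "month": m["ts"][:7],  # YYYY-MM bucket
        "ip": m["ip"],
        "user": m["user"],
        "password": m["pw"],
        "success": m["result"] == "succeeded",
    }


def summarize(log_text):
    """Aggregate attempts into the kind of figures a honeypot report quotes."""
    ips_by_month = defaultdict(set)
    users = Counter()
    priv_attempts = 0
    total = 0
    successes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        total += 1
        ips_by_month[rec["month"]].add(rec["ip"])
        users[rec["user"].lower()] += 1
        if PRIV_USER_RE.search(rec["user"]):
            priv_attempts += 1
        if rec["success"]:
            # A success on a honeypot means a default/weak credential worked.
            successes.append((rec["ip"], rec["user"], rec["password"]))
    busiest = max(ips_by_month, key=lambda m: len(ips_by_month[m])) if ips_by_month else None
    return {
        "attempts": total,
        "unique_ips_by_month": {m: len(s) for m, s in sorted(ips_by_month.items())},
        "busiest_month": busiest,
        "top_usernames": users.most_common(3),
        "privileged_share": priv_attempts / total if total else 0.0,
        "successful_logins": successes,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Counting unique IPs per month rather than raw attempts is deliberate: a single scanner retrying thousands of passwords would otherwise dominate the figures, and it is the number of distinct sources, as in the March figure quoted above, that indicates how widespread botnet activity is.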
Network Visibility, Dynamic Threat Detection
Manufacturing and energy remain the most vulnerable sectors, followed by healthcare and commercial buildings. During the first half of 2022:
- CISA released 560 Common Vulnerabilities and Exposures (CVEs), a 14 percent decrease from the second half of 2021
- The number of affected vendors increased by 27 percent
- The number of affected products increased by 19 percent from the second half of 2021
“This year’s cyber threat landscape is complex,” said Roya Gordon, OT/IoT Security Research Evangelist at Nozomi Networks. “Many factors including increasing numbers of connected devices, the sophistication of malicious actors, and shifts in attack motivations are increasing the risk for a breach or cyber-physical attack. Fortunately, security defenses are evolving too. Solutions are available now to give critical infrastructure organizations the network visibility, dynamic threat detection, and actionable intelligence they need to minimize risk and maximize resilience.”
The ‘OT/IoT Security Report’ from Nozomi Networks gives security professionals the latest information needed to reassess risk models and security initiatives, together with practical recommendations for protecting critical infrastructure. This latest report contains:
- An overview of the current state of cybersecurity
- Threat landscape trends and approaches to dealing with them
- A review of the Russia/Ukraine crisis, highlighting new malware and malicious tools related to the conflict
- Information about IoT botnets, associated IoCs, and threat actor TTPs
- Forecasting analysis and suggestions
The Nozomi Networks solution provides insight into OT and IoT environments, network and asset awareness, and threat detection.