Network anomalies and attacks were the most prevalent threat to operational technology (OT) and internet of things (IoT) environments, according to the latest security report from Nozomi Networks.
Nozomi also warns in its report – Nozomi Networks Labs OT & IoT Security Report – that vulnerabilities within critical manufacturing also surged 230%, a “cause for concern” as threat actors have far more opportunities to access networks and cause these anomalies.
Unique telemetry from Nozomi Networks Labs, collected from OT and IoT environments covering a variety of use cases and industries across 25 countries, also finds “network anomalies and attacks represented the most significant portion (38%) of threats during the second half of 2023,” and “the most concerning of these network anomalies, which can indicate highly sophisticated threat actors being involved, increased 19% over the previous reporting period”.
The report also notes that network scans topped the list of Network Anomalies and Attacks alerts, followed closely by ‘TCP flood’ attacks which involve sending large amounts of traffic to systems aiming to cause damage by bringing those systems down or making them inaccessible – whilw ‘TCP flood’ and ‘anomalous packets’ alert types exhibited “significant increases in both total alerts and averages per customer in the last six months, increasing more than 2x and 6x respectively”.
| |
“These trends should serve as a warning that attackers are adopting more sophisticated methods to directly target critical infrastructure, and could be indicative of rising global hostilities,” said Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks.
“The significant uptick in anomalies could mean that the threat actors are getting past the first line of defence while penetrating deeper than many would have initially believed, which would require a high level of sophistication. The defenders have gotten better at protecting against the basics, but these alerts tell us that the attackers are quickly evolving in order to bypass them.”
Nozomi reports that alerts on access control and authorisation threats jumped 123% over the previous reporting period, and in this category ‘multiple unsuccessful logins’ and ‘brute force attack’ alerts increased 71% and 14% respectively. “This trend highlights the continued challenges in unauthorised access attempts, showing that identity and access management in OT and other challenges associated with user-passwords persist,” warns Nozomi.
Below is the Nozomi list of top critical threat activity seen in real-world environments over the last six months:
“With this spike in network anomalies top of mind, Nozomi Networks Labs has detailed the industries that should be on highest alert, based on analysis of all industrial control systems (ICS) security advisories released by CISA over the past six months,” explains Nozomi.
“Manufacturing topped the list with the number of Common Vulnerabilities and Exposures (CVEs) in that sector rising to 621, an alarming 230% increase over the previous reporting period. Manufacturing, Energy and Water/Wastewater remained the most vulnerable industries for a third consecutive reporting period – though the total number of vulnerabilities reported in the Energy sector dropped 46% and Water/Wastewater vulnerabilities dropped 16%.”
Nozomi says that commercial facilities and communications moved into the top five, replacing Food & Agriculture and Chemicals (which both dropped out of the top 10). Of note, Healthcare & Public Health, Government Facilities, Transportation Systems and Emergency Services all made the top 10. In the second half of last year:
On data from IoT honeypots, Nozomi Networks Labs also reports that it analysed a wealth of data on malicious activities against IoT devices, “revealing several notable trends for these industries to consider,” – and according to the findings, malicious IoT botnets remain active this year, and botnets continue to use default credentials in attempts to access IoT devices.
From July through December 2023, Nozomi Networks honeypots found:
PROMOTE YOUR WEBINAR ON ITWIRE
It’s all about Webinars.
Marketing budgets are now focused on Webinars combined with Lead Generation.
If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.
The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.
Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.
We look forward to discussing your campaign goals with you. Please click the button below.
The paragraph that sums up the #NBN dilemma: "This demonstrates customers’ strong appetite for high-speed Internet amid the consumption of[…]
'Despite'? Surely because of the US efforts.Don't mess with the bull in the China chip shop.
I don't believe the child porn stuff. He had a top secret codeword clearance, would have been regularly polygraphed, etc.[…]
Once again, this is what anyone daring to speak up against government or expose their wrongdoings get.
I've been with all the carriers over the years, since I've been with Optus I've never received so many scam[…]
About The Author
More Stories
What Is Meaningful Connectivity?
Connect, Discuss, Inspire: Dive Deep with Special Interest Groups
Our Voices Are Making a Difference in the Fight for Strong Encryption