The latest OT/IoT security report from Nozomi Networks Labs lists wiper malware, Internet of Things botnet activity, and Russias invasion of Ukraine as the key impacts on the threat landscape in the first half of 2022.
Researchers from Nozomi Networks Labs saw activity from several types of threat actors, including hacktivists, nation-state APTs, and cyber criminals following Russia's invasion of Ukraine. The report also revealed the robust usage of wiper malware, witnessing the emergence of an Industroyer variant, dubbed Industroyer2, developed to abuse the IEC-104 protocol, which is commonly used in industrial cyber environments.
Additionally, in Q1 and Q2 2022, malicious IoT botnet activity saw a rise in frequency and sophistication.
Nozomi Networks Labs established a series of honeypots to attract the malicious botnets, capturing the activity to provide insights into how threat actors target IoT technology. The research uncovered growing concerns for hard-coded passwords and internet interfaces for end-user credentials.
Between January and June 2022, Nozomi Networks' honeypot found:
'root' and 'admin' credentials saw the most targetings, used in multiple variations for threat actors to access system commands and user accounts.
March saw close to 5,000 unique IP addresses collected, the most active month in the period
China and the United States saw the top attacker IP addresses.
Manufacturing and energy continue to be the most vulnerable industries according to the report, closely followed by healthcare and commercial faciltiies.
“This year’s cyber threat landscape is complex,” said Roya Gordon, Nozomi Networks OT/IoT security research evangelist.
“Many factors including increasing numbers of connected devices, the sophistication of malicious actors, and shifts in attack motivations are increasing the risk for a breach or cyber-physical attack. Fortunately, security defenses are evolving too. Solutions are available now to give critical infrastructure organisations the network visibility, dynamic threat detection, and actionable intelligence they need to minimise risk and maximise resilience.”