Webinar | Modernizing Asset Inventory: A Smarter Approach to Securing Industrial Environments
Register
Twice a year the Nozomi Networks Labs teams assesses the OT/IoT threat landscape, leveraging a network of more than 50,000 global honeypots, wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources. Here are highlights from our latest report, covering the second half of 2024.
Read the full report for deeper insights into:
Important! If you’re a Nozomi Networks customer, you are covered for the vulnerabilities and threats in this report. Asset intelligence and threat intelligence about them is baked into our platform by the Labs team.
Industries increasingly rely on wireless technologies for critical operations yet lack of visibility into what’s communicating over the air leaves asset owners vulnerable to threats that exploit unmonitored wireless networks.
Among the top ICS vulnerabilities during this period, four were marked as Known Exploited Vulnerabilities (KEVs) and 20 had an Exploit Prediction Scoring System (EPSS) score indicating a >1% probability of being exploited in the wild — a threshold hold considered high.
Familiar weaknesses associated with the top CVEs reinforce the need to integrate the best available OT/ICS-specific threat intelligence into your cybersecurity platform to ensure you can automatically detect known issues.
The top two industries affected by new ICS CVEs — Critical Manufacturing and Energy — are consistent frontrunners in headlines and government warnings regarding attacks. The appearance of the Communications sector in 3rd place may be tied to Salt Typhoon.
Based on alerts gathered from anonymized telemetry, Data Manipulation was by far the most common technique detected in customer environments — 3x more often than the next most-detected threats.
It was also the dominant attack method detected in three top sectors: Manufacturing; Transportation; and Energy, Utilities and Waste environments.
Brute-forcing default SSH and Telnet credentials that grant high privileges is still the top technique cybercriminals use to gain access to IoT devices, a stark reminder to immediately change default credentials and enforce strong credential management
Once inside, attackers primarily use shell commands to explore the environment or achieve persistence. We also observed commands to make the .ssh directory easy to edit, collect basic information about the compromised system, and replace public SSH keys with a new key only they can use to connect.
Here are specific actions defenders can take to remove OT/IoT blind spots, maximize limited resources, increase operational resilience and reduce business risk.
