Security Report

OT/IoT Cybersecurity Trends and Insights

2025 2H Review | February 2026
Read the full report

Important! If you are a Nozomi Networks customer, you are already covered for the vulnerabilities and threats described in this report: asset intelligence and threat intelligence from the Labs team are built into the platform.

Twice a year the Nozomi Networks Labs team assesses the OT/IoT threat landscape, leveraging a vast network of globally distributed honeypots, wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources. Except for IoT botnet activity captured by our honeypots, all data in this report derives from anonymized telemetry from participating Nozomi Networks customers.

Here are highlights from our latest report, covering the second half of 2025.

For the full details, read the complete report:

Top techniques, targets and threat actors
The OT/IoT vulnerability landscape
Wireless exposure in industrial environments
IoT botnet activity and trends
Recommendations for defense in depth

Top Techniques and Targets

  • Adversary-in-the-Middle (aka Man-in-the-Middle, or MiTM) was associated with over one-quarter of all alerts. This technique is generally used to sniff sensitive information, including credentials, which can later be used in other stages of the attack.
  • Transportation and Manufacturing remained the #1 and #2 most targeted sectors for the full calendar year, with Government moving into third place.
  • The UK, Germany and Australia produced the highest number of alerts per organization.

Top Malware

  • After the universal Trojan and versatile RAT categories, the top detected malware categories were MINER, WORM and DOWNLOADER.
  • After Generic (54.7%), DoublePulsar was the most detected malware family (20.5%), a reminder of how costly it can be to completely remediate a threat used at scale.
  • Scattered Spider was the most detected threat actor (42.9%), consistent with broader reporting that Scattered Spider remained highly active throughout the year, often leveraging social engineering to gain initial access.

Vulnerability Landscape

  • Almost half of the vulnerabilities present in observed environments have a CVSS score of HIGH or CRITICAL.
  • The most commonly observed OT vulnerabilities discovered in 2025 affected Siemens, Rockwell Automation and Schneider Electric devices.
  • CWE-416: Use After Free was the most prevalent category (13.8%). It can lead to crashes, data corruption or attacker-controlled code execution.

Wireless Exposure in Industrial Environments

  • 68% of observed wireless networks still operate without Management Frame Protection (MFP), which protects against deauthentication (deauth) attacks.
  • Enterprise-grade authentication such as 802.1X is observed in only 0.3% of detected Wi-Fi networks.
  • 14% of observed networks use open or legacy security modes.
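The three wireless findings above (missing MFP, no 802.1X, open or legacy security mode) are each a property you can read straight out of a wireless scan. The following added example, which is not Nozomi Networks code and not part of the report, shows how a defender can classify observed networks into those same exposure categories and produce the percentages the report cites. The record layout (`ssid`, `security`, `mfp`, `auth`), the set of modes treated as legacy, and the policy of counting MFP "optional" as a gap are assumptions made for this example; real sensors export different fields.

```python
"""Classify observed Wi-Fi networks into the exposure categories the report counts.

Added example (not Nozomi Networks code). Field names, the legacy-mode set and
the MFP policy below are assumptions for this example.
"""
from collections import Counter

# Security modes treated as "open or legacy" (assumption for this example).
OPEN_OR_LEGACY = {"open", "wep", "wpa", "wpa-tkip"}
# Values that indicate enterprise (802.1X / EAP) authentication.
ENTERPRISE_AUTH = {"802.1x", "eap", "wpa2-enterprise", "wpa3-enterprise"}


def classify(network):
    """Return the set of exposure findings for one observed network."""
    findings = set()
    security = network.get("security", "open").lower()
    if security in OPEN_OR_LEGACY:
        findings.add("open_or_legacy")
    # MFP (802.11w) values: "required", "optional", "disabled". Policy choice
    # for this example: only "required" counts as protected, because
    # "optional" still lets non-MFP clients associate without protection.
    if network.get("mfp", "disabled").lower() != "required":
        findings.add("no_mfp")
    if network.get("auth", "psk").lower() not in ENTERPRISE_AUTH:
        findings.add("no_enterprise_auth")
    return findings


def summarize(networks):
    """Return ({finding: percent of networks affected}, total networks)."""
    counts = Counter()
    for n in networks:
        for finding in classify(n):
            counts[finding] += 1
    total = len(networks)
    return {f: round(100.0 * c / total, 1) for f, c in counts.items()}, total


# Constructed sample scan results (not real data).
SAMPLE = [
    {"ssid": "PLANT-OT", "security": "wpa2", "mfp": "disabled", "auth": "psk"},
    {"ssid": "HMI-NET", "security": "wep", "mfp": "disabled", "auth": "psk"},
    {"ssid": "CORP", "security": "wpa3", "mfp": "required", "auth": "802.1x"},
    {"ssid": "GUEST", "security": "open", "mfp": "disabled", "auth": "none"},
    {"ssid": "SCADA-WL", "security": "wpa2", "mfp": "optional", "auth": "psk"},
]

if __name__ == "__main__":
    percentages, total = summarize(SAMPLE)
    print(f"{total} networks observed")
    for finding, pct in sorted(percentages.items()):
        print(f"  {finding}: {pct}%")
```

On the constructed sample, only `CORP` comes back clean; 80% of the networks lack required MFP and enterprise authentication, and 40% run an open or legacy mode. Running the same classification over a real scan export gives a per-site version of the report's three headline numbers and a concrete list of SSIDs to remediate.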

IoT Botnet Activity and Trends

  • A third of all attacks against our honeypots came from China.
  • Botnet activity spiked sharply on September 2, 2025, related to an upgrade of the Mirai clone. In one day we recorded attacks from 1,169 different IP addresses.
  • UPX 3.94 is still the most common packer used by attackers to protect IoT malware, despite the availability of newer versions, perhaps because it’s embedded in their toolchains and works on multiple payloads.

Recommendations for Defense in Depth

Here are concrete actions defenders can take to eliminate IoT blind spots, make the most of limited resources, increase operational resilience and reduce business risk.

  • Maintain complete asset and network visibility across OT and IoT as the foundation for effective risk management. Seek to eradicate the visibility gaps in credential exposure, wireless activity and botnet propagation highlighted in this report.
  • Strengthen malware detection and blocking with tools that can inspect industrial protocols, monitor lateral movement and identify malicious payloads.
  • Leverage AI-driven security systems to detect anomalies and threats and surface the most critical issues, with relevant context and guidance. This can dramatically improve detection accuracy and SOC efficiency.
  • Detect and monitor wireless threats to identify rogue access points, unauthorized devices and misconfigurations. Wireless exposure repeatedly emerged as a silent enabler across multiple attack stages, making detection a foundational control rather than a niche capability.
  • Adopt risk-based vulnerability management that correlates asset criticality, exploitability and operational impact. Prioritize reducing the number of High and Critical vulnerabilities in operational environments.
  • Enable intelligence sharing — including telemetry sharing — across regions, industries and vendors to improve collective cyber resilience and stay ahead of attackers. Doing so strengthens overall resilience against large-scale or coordinated attacks.
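The risk-based vulnerability management recommendation above is easiest to see with numbers. The following added example, which is not Nozomi Networks code and not part of the report, ranks findings by combining CVSS severity with exploitability and operational context (asset criticality and network exposure), so that a HIGH on a safety-relevant PLC can outrank a CRITICAL on an isolated test bench. The weighting formula, the exposure factors, the criticality scale and the `CVE-XXXX-*` placeholder identifiers are all assumptions for this example and should be calibrated to your own environment.

```python
"""Rank vulnerabilities by severity, exploitability and operational context.

Added example (not Nozomi Networks code). Weights, factors and identifiers are
assumptions for this example.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    cve: str          # placeholder identifiers below, not real CVE numbers
    asset: str
    cvss: float       # CVSS base score, 0.0 to 10.0
    exploited: bool   # known to be exploited in the wild
    criticality: int  # 1 (lab/test) .. 5 (safety-relevant process control)
    exposure: str     # "internet", "enterprise" or "isolated"


# How reachable the asset is; assumed factors for this example.
EXPOSURE_FACTOR = {"internet": 1.0, "enterprise": 0.7, "isolated": 0.4}


def severity_band(cvss):
    """CVSS v3 qualitative severity bands."""
    if cvss >= 9.0:
        return "CRITICAL"
    if cvss >= 7.0:
        return "HIGH"
    if cvss >= 4.0:
        return "MEDIUM"
    if cvss > 0.0:
        return "LOW"
    return "NONE"


def risk_score(f):
    """Combine severity, exploitability and context into a 0..100 score.

    Known exploitation keeps the full severity; an unexploited flaw is halved.
    Context scales by asset criticality (1..5) and network exposure.
    """
    base = f.cvss / 10.0
    exploitability = 1.0 if f.exploited else 0.5
    context = (f.criticality / 5.0) * EXPOSURE_FACTOR[f.exposure]
    return round(100.0 * base * exploitability * context, 1)


def prioritize(findings):
    """Return findings ordered from highest to lowest risk score."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample findings (not real data).
SAMPLE = [
    Finding("CVE-XXXX-0001", "eng-workstation", 9.8, False, 2, "enterprise"),
    Finding("CVE-XXXX-0002", "plc-line-3", 7.5, True, 5, "isolated"),
    Finding("CVE-XXXX-0003", "remote-hmi", 8.1, True, 4, "internet"),
    Finding("CVE-XXXX-0004", "test-bench", 9.9, False, 1, "isolated"),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):5.1f}  {severity_band(f.cvss):8}  {f.asset:16} {f.cve}")
```

On the constructed sample the two CRITICAL findings (CVSS 9.8 and 9.9) fall to the bottom of the list because they sit on low-criticality, less exposed assets with no known exploitation, while the exploited HIGH on the internet-facing HMI and the exploited HIGH on the line-3 PLC rank first and second. That is the practical meaning of correlating criticality, exploitability and operational impact rather than sorting by CVSS alone.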

Download the full OT & IoT Security Report