Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Pervasive OT And IoT Network Anomalies Raise Red Flags As Threats To Critical Infrastructure Become More Sophisticated

AUCKLAND – The latest Nozomi Networks Labs OT & IoT Security Report released today finds that network anomalies and attacks were the most prevalent threat to operational technology (OT) and internet of things (IoT) environments. Vulnerabilities within critical manufacturing also surged 230% – a cause for concern as threat actors have far more opportunities to access networks and cause these anomalies.

Real World Telemetry

Unique telemetry from Nozomi Networks Labs, collected from OT and IoT environments covering a variety of use cases and industries across 25 countries, finds network anomalies and attacks represented the most significant portion (38%) of threats during the second half of 2023. The most concerning of these network anomalies, which can indicate highly sophisticated threat actors being involved, increased 19% over the previous reporting period.

‘Network scans’ topped the list of Network Anomalies and Attacks alerts, followed closely by ‘TCP flood’ attacks which involve sending large amounts of traffic to systems aiming to cause damage by bringing those systems down or making them inaccessible. ‘TCP flood’ and ‘anomalous packets’ alert types exhibited significant increases in both total alerts and averages per customer in the last six months, increasing more than 2x and 6x respectively.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

“These trends should serve as a warning that attackers are adopting more sophisticated methods to directly target critical infrastructure, and could be indicative of rising global hostilities,” said Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks. “The significant uptick in anomalies could mean that the threat actors are getting past the first line of defence while penetrating deeper than many would have initially believed, which would require a high level of sophistication. The defenders have gotten better at protecting against the basics, but these alerts tell us that the attackers are quickly evolving in order to bypass them.”

Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks

Alerts on access control and authorisation threats jumped 123% over the previous reporting period. In this category ‘multiple unsuccessful logins’ and ‘brute force attack’ alerts increased 71% and 14% respectively. This trend highlights the continued challenges in unauthorised access attempts, showing that identity and access management in OT and other challenges associated with user-passwords persist.

Below is the list of top critical threat activity seen in real-world environments over the last six months:

  1. Network Anomalies and Attacks – 38% of all alerts
  2. Authentication and Password Issues – 19% of all alerts
  3. Access Control and Authorisation Problems – 10% of all alerts
  4. Operational Technology (OT) Specific Threats – 7% of all alerts
  5. Suspicious or Unexpected Network Behaviour – 6% of all alerts

ICS Vulnerabilities

With this spike in network anomalies top of mind, Nozomi Networks Labs has detailed the industries that should be on highest alert, based on analysis of all industrial control systems (ICS) security advisories released by CISA over the past six months. Manufacturing topped the list with the number of Common Vulnerabilities and Exposures (CVEs) in that sector rising to 621, an alarming 230% increase over the previous reporting period. Manufacturing, Energy and Water/Wastewater remained the most vulnerable industries for a third consecutive reporting period – though the total number of vulnerabilities reported in the Energy sector dropped 46% and Water/Wastewater vulnerabilities dropped 16%. Commercial Facilities and Communications moved into the top five, replacing Food & Agriculture and Chemicals (which both dropped out of the top 10). Of note, Healthcare & Public Health, Government Facilities, Transportation Systems and Emergency Services all made the top 10. In the second half of last year:

  • CISA released 196 new ICS advisories covering 885 Common Vulnerabilities and Exposures (CVEs) – up 38% over the previous six-month period
  • 74 vendors were impacted – up 19%
  • Out-of-Bounds Read and Out-of-Bounds Write vulnerabilities remained in the top CWEs for the second consecutive reporting period – both are susceptible to several different attacks including buffer overflow attacks

Data from IoT Honeypots

Nozomi Networks Labs also analysed a wealth of data on malicious activities against IoT devices, revealing several notable trends for these industries to consider. According to the findings, malicious IoT botnets remain active this year, and botnets continue to use default credentials in attempts to access IoT devices.

From July through December 2023, Nozomi Networks honeypots found:

  • An average of 712 unique attacks daily (a 12% decline in the daily average we saw in the previous reporting period) – the highest attack day hit 1,860 on October 6.
  • Top attacker IP addresses were associated with China, the United States, South Korea, India and Brazil.
  • Brute-force attempts remain a popular technique to gain system access – default credentials remain one of the main ways threat actors gain access to IoT. Remote Code Execution (RCE) also remains a popular technique – frequently used in targeted attacks, as well as in the propagation of various types of malicious software.

Nozomi Networks Labs’ OT & IoT Security Report: Assessing the Threat Landscape provides security professionals with the latest insights needed to re-evaluate risk models and security initiatives, along with actionable recommendations for securing critical infrastructure.

© Scoop Media

Advertisement - scroll to continue reading
Business Headlines | Sci-Tech Headlines

GenPro: General Practices Begin Issuing Clause 14 Notices

GenPro has been copied into a rising number of Clause 14 notices issued since the NZNO lodged its Primary Practice Pay Equity Claim against General Practice employers in December 2023.More

SPADA: Screen Industry Unites For Streaming Platform Regulation & Intellectual Property Protections

In an unprecedented international collaboration, representatives of screen producing organisations from around the world have released a joint statement.More


Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.