Intelligent CISO Issue 65 | Page 27

editor ’ s question
WITH THE GROWING ADOPTION OF IOT DEVICES , HOW CAN COMPANIES ADAPT THEIR APPROACH TO ENSURE
COMPREHENSIVE PROTECTION ACROSS THEIR NETWORKS ?
he latest Nozomi Networks Labs OT & IoT

T

Security Report has found malware activity and alerts on unwanted applications increased dramatically in OT and IoT environments as nation-states , criminal groups and hacktivists continue to target healthcare , energy and manufacturing . Unique telemetry from Nozomi Networks Labs – collected from OT and IoT environments covering a variety of use cases and industries worldwide – found malware-related security threats spiked 10x over the last six months . In the broad category of malware and potentially unwanted applications , activity increased 96 %. Threat activity related to access controls more than doubled . Poor authentication and password hygiene topped the list of critical alerts for a second consecutive reporting period – though activity in that category declined 22 % over the previous reporting period .
“ There ’ s good news and bad news in this latest report ,” said Chris Grove , Nozomi Networks ’ Director of Cybersecurity Strategy . “ A significant decrease in activity per customer in categories such as authentication and password issues and suspicious or unexpected network behaviour suggests that efforts to secure systems in these areas may be paying off . On the other hand , malware activity increased dramatically , reflecting an escalating threat landscape . It ’ s time to ‘ put the pedal to the metal ’ in shoring up our defences .”
Below is the list of top critical threat activity in real world environments over the last six months :
• Authentication and password issue – down 22 %
• Network anomalies and attacks – up 15 %
• Operational Technology ( OT ) specific threats – down 20 %
• Suspicious or unexpected network behaviour – down 45 %
• Access control and authorisation – up 128 %
• Malware and potentially unwanted applications – up 96 %
Specific to malware , denial-of-service ( DOS ) activity remains one of the most prevalent attacks against OT systems . This is followed by the remote access trojan ( RAT ) category commonly used by attackers to establish control over compromised machines . Distributed-Denial-of-Service ( DDoS ) threats are the top threat in IoT network domains .
Data from IoT honeypots
Malicious IoT botnets remain active this year . Nozomi Networks Labs uncovered growing security concerns as botnets continue to use default credentials in attempts to access IoT devices .
From January through June 2023 , Nozomi Networks honeypots found :
• An average of 813 unique attacks daily – the highest attack day hit 1,342 on May 1
• Top attacker IP addresses were associated with China , the US , South Korea , Taiwan and India
• Brute-force attempts remain a popular technique to gain system access – default credentials are one of the main ways threat actors gain access to IoT
ICS vulnerabilities

?

On the vulnerability front , Manufacturing and Energy and Water / Wastewater remain the most vulnerable industries . Food and Agriculture and Chemicals move into the top five replacing Transportation and Healthcare which were among the top five most vulnerable sectors in Nozomi ’ s previous six-month reporting period . In the first half of 2023 :
• CISA released 641 Common Vulnerabilities and Exposures ( CVEs )
• 62 vendors were impacted
• Out-of-Bounds Read and Out-of-Bounds Write vulnerabilities remained in the top CWEs – both are susceptible to several different attacks including buffer overflow attacks
Nozomi Networks Labs OT & IoT Security Report : Unpacking the Threat Landscape with Unique Telemetry Data provides security professionals with the latest insights needed to re-evaluate risk models and security initiatives , along with actionable recommendations for securing critical infrastructure . www . intelligentciso . com
27