Internet of Things (IoT) devices have become an integral part of the lives of many over the last decade, but securing them has been a challenge. But that might be changing. A new report from cybersecurity company Nozomi Networks has found that defenses are improving. On the flip side, security threats are on the rise. Operational Technology (OT) environments, a computing category for industrial environments, face similar struggles.
Nozomi Networks conducted its research using honeypot data, ICS vulnerabilities, and attack statistics from OT environments. Let’s dig in to find out more.
The outlook for IoT and OT environments
According to Nozomi, the most prevalent OT/IoT cyber threats are opportunistic, targeted, and accidental. The most impacted sectors include energy, healthcare, water, and wastewater, with attacks disrupting city services and governments.
Based on publicly available data regarding cyber attacks over the past six months, opportunistic attacks are the leading attack type. This category of attacks usually involves flooding the system with traffic using DDoS attacks, targeting common weaknesses to access the system, and trying out different malware strains until one successfully exploits the target network and system.
Targeted attacks, which tailor exploitation to specific victims, come second in prevalence. After that come accidental impacts, which tend to involve human error leaving OT and IoT environments vulnerable to exploitation.
Since January 2023, Nozomi has noted multiple high-profile cyber threats, most frequently involving ransomware gangs. These gangs often utilize living-off-the-land techniques, using legitimate tools native to the victim’s system to carry out a successful cyber attack.
Despite this rise in threats, Nozomi found that governments have been ramping up cybersecurity legislation and infrastructure. These include the European Union NIS 2 Directive, the US National Cybersecurity Strategy, and the Australian Security of Critical Infrastructure Act.
Digging into the data
Analyzing real-world telemetry data from OT/IoT deployments in areas like water treatment facilities and the building materials industry, Nozomi found that most successful attacks were related to poor authentication and password hygiene. DDoS attacks are the leading threat to both OT and IoT systems, while remote access trojan attacks, which threat actors can use to control compromised machines, are a continual threat to OT systems. Other commonly detected alerts were related to dual use, ransomware, and phishing.
Meanwhile, Nozomi set up IoT honeypots to mimic targets of cyberattacks and attract threat actors. Honeypots can act as a decoy for real targets while providing data for security analysts about threat actors and their methods. Some data Nozomi gleaned includes:
- Top attacker IP addresses came from the US, China, South Korea, Taiwan, and India.
- The honeypots experienced an average of 813 attacks per day, with the highest day, May 1st, involving 1,342 attacks.
- The most popular way to gain access to a system is brute force.
Conclusion
While some progress is being made in the area of security for OT/IoT environments, it’s clear that more still needs to be done to keep industry and ordinary people safe from threat actors. To find out more, be sure to check out Nozomi Networks’ full report.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.