Nozomi Networks' latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Nozomi Networks Labs researchers have seen activity from a range of threat actors since Russia began its invasion of Ukraine in February, including hacktivists, nation-state advanced persistent threats (APTs) and cybercriminals.
The robust usage of wiper malware that its researchers noticed saw the emergence of an Industroyer malware variant, which was used in the cyberattack on Ukraine's power grid.
This malware was developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.
Nozomi Networks Labs was aware of a rise in increasingly sophisticated malicious IoT botnet activity.
The company set up a series of honeypots to attract these malicious botnets and capture their activity in order to provide additional insights into how threat actors target IoT.
Through this research, Nozomi Networks Labs analysts found growing security concerns for both hard-coded passwords and internet interfaces for end-user credentials.
From January to June 2022, this included:
- March was the most active month, with close to 5,000 unique attacker IP addresses collected.
- The top attacker IP addresses were associated with China and the United States.
- ‘root' and ‘admin' credentials were most often targeted and used in multiple variations as a way for threat actors to access all system commands and user accounts.
Regarding vulnerabilities, Nozomi notes that manufacturing and energy continue to be the most vulnerable industries, followed by healthcare and commercial facilities.
The following events happened from January to June 2022:
- CISA released 560 Common Vulnerabilities and Exposures (CVEs), a decrease of 14% compared to the second half of 2021.
- The number of impacted vendors went up 27%.
- Affected products were also up 19% from the second half of 2021.
“This year's cyber threat landscape is complex,” Nozomi Networks OT/IoT security research evangelist Roya Gordon says.
“Many factors, including increasing numbers of connected devices, the sophistication of malicious actors, and shifts in attack motivations, are increasing the risk for a breach or cyber-physical attack.
“Fortunately, security defences are evolving too. Solutions are available now to give critical infrastructure organisations the network visibility, dynamic threat detection, and actionable intelligence they need to minimise risk and maximise resilience.
Nozomi Networks' OT/IoT Security Report provides security professionals with the latest insights to re-evaluate risk models and security initiatives, along with actionable recommendations for securing critical infrastructure.
The latest report includes:
- A review of the current state of cybersecurity.
- Trends in the threat landscape and solutions for addressing them.
- A recap of the Russia/Ukraine crisis, highlighting new related malicious tools and malware.
- Insights into IoT botnets, corresponding indicators of compromises (IoCs) and threat actor tactics, techniques and procedures (TTPs).
- Recommendations and forecasting analysis.