The latest Nozomi Networks Labs OT & IoT Security Report finds that network anomalies and attacks were the most prevalent threat to OT and IoT environments. Vulnerabilities within critical manufacturing also surged 230%, a cause for concern because threat actors have far more opportunities to access networks and cause these anomalies.
Real World Telemetry
Unique telemetry from Nozomi Networks Labs, collected from OT and IoT environments covering a variety of use cases and industries across 25 countries, finds that network anomalies and attacks represented the most significant portion (38%) of threats during the second half of 2023. The most concerning of these network anomalies, which can indicate the involvement of highly sophisticated threat actors, increased 19% over the previous reporting period.
“Network scans” topped the list of Network Anomalies and Attacks alerts, followed closely by “TCP flood” attacks, which involve sending large amounts of traffic to systems with the aim of causing damage by bringing those systems down or making them inaccessible. The “TCP flood” and “anomalous packets” alert types exhibited significant increases in both total alerts and averages per customer in the last six months, increasing more than 2x and 6x respectively.
“These trends should serve as a warning that attackers are adopting more sophisticated methods to directly target critical infrastructure, and could be indicative of rising global hostilities,” said Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks. “The significant uptick in anomalies could mean that the threat actors are getting past the first line of defense while penetrating deeper than many would have initially believed, which would require a high level of sophistication. The defenders have gotten better at protecting against the basics, but these alerts tell us that the attackers are quickly evolving in order to bypass them.”
Alerts on access control and authorization threats jumped 123% over the previous reporting period. In this category, “multiple unsuccessful logins” and “brute force attack” alerts increased 71% and 14% respectively. This trend highlights the continued challenge of unauthorized access attempts, showing that problems with identity and access management in OT, and other challenges associated with user passwords, persist.