Research Report: OT/IoT Cybersecurity Trends and Insights in the First Half of 2024
Read the ReportTwice a year, Nozomi Networks Labs assesses the OT/IoT threat landscape by reviewing the latest ICS CVEs published by CISA, as well as data from anonymized customer telemetry and IoT botnet attacks on our global honeypots. These are the highlights from the first half of 2024.
Our security research report provides analysis and insight into:
Important! If you’re a Nozomi Networks customer, you are covered for the vulnerabilities and threats in this report with our Asset Intelligence and Threat Intelligence subscriptions curated by our Labs team.
This report covers the most recent observed and reported OT/IoT vulnerabilities, attack and indicators of events in the wild. In parallel, nation-state threats have shifted from espionage to more destructive goals, exemplified by Volt Typhoon.
Although we don’t directly implicate a specific nation-state actor in our observations, these developments should be top of mind as the threat landscape evolves and new OT and IoT CVEs are released.
Three of the top five industries affected by new ICS CVEs — Critical Manufacturing, Energy, and Water and Wastewater — are sectors the U.S. and other governments are warning about attacks (such as Volt Typhoon). Authorities are also stepping up cybersecurity oversight.
The top 5 CWEs mentioned in the advisories reinforce the importance of cyber hygiene basics such as sanitizing user input before processing it (CWE-20) and encrypting sensitive data (CWE-311).
Common security issues like poor credential handling and brute-force attacks are still the most common issues found in customer environments.
Customers in the Industrial Machinery & Equipment sector experienced the most alerts. Nearly half of them were illegal parameter requests, an OT-specific threat. See the report for a breakdown of top alerts by industry.
Cybercriminals continue to exploit factory-default or weak passwords to gain access to IoT devices. Once attackers have compromised a vulnerable device, they primarily use shell commands to explore the environment or achieve persistence.
Brute-force attempts remain a popular technique to gain system access, since default credentials are one of the easiest ways threat actors gain access to IoT.
Remote Code Execution (RCE) also remains a popular technique, frequently used in targeted attacks and to propagate malware.
Here are specific actions defenders can take to reduce OT/IoT blind spots, maximize limited resources, increase operational resilience and reduce business risk.
