Report Finds High Cyber ​​Threat Vulnerabilities in Energy Sector

The latest OT/IoT security report from Nozomi Networks Labs found that energy and manufacturing are the industries most vulnerable to cyber threats, followed by healthcare and commercial facilities.

During the first six months of 2022, CISA published 560 Common Vulnerabilities and Exposures (CVEs) (down 14% from the second half of 2021), while the number of affected vendors increased by 27%. Affected products also increased by 19% compared to the second half of 2021.

The report, titled “OT/IoT Security Report: Cyber ​​Warfare Insights, Threats and Trends, Remediation,” revealed that wiper malware, IoT botnet activity, and the Russia/Ukraine war impacted the threat landscape in the first half of 2022.

Since the Russian invasion of Ukraine in February 2022, researchers at Nozomi Networks Labs have uncovered the activity of multiple threat actors, including hacker activists, nation-state APTs, and cybercriminals.

They also observed robust use of the Wiper malware and witnessed the emergence of an Industroyer variant called Industroyer2, which was designed to abuse the IEC-104 protocol commonly used in industrial environments.

Additionally, malicious IoT botnet activity is on the rise in the first half of 2022 and is becoming more sophisticated.

Nozomi Networks Labs has set up a series of honeypots to attract these malicious botnets and capture their activity in order to learn more about how threat actors are targeting the Internet of Things.

In this study, analysts at Nozomi Networks Labs uncovered a growing security issue with Internet interfaces for hard-coded passwords and end-user credentials.

From January 2022 to June 2022, the Nozomi Networks honeypot found that March was the most active month, collecting nearly 5,000 unique attacker IP addresses.

The main attacker IP addresses are associated with China and the United States, while “root” and “admin” credentials are most commonly targeted and used in several variants as a way for threat actors to access all system commands and user accounts Way.

“This year’s cyber threat landscape is complex,” said Roya Gordon, OT/IoT security research evangelist at Nozomi Networks.

“Many factors, including the growing number of connected devices, the sophistication of malicious actors, and shifting motivations for attacks, are increasing the risk of data breaches or cyber-physical attacks. Fortunately, security defenses are also evolving. Available now, it provides critical infrastructure organizations the network visibility, dynamic threat detection and actionable intelligence they need to minimize risk and maximize resiliency.” –OGN