OT/IoT Malware Surges Tenfold in First Half of the Year

Cyber Security Threat Summary:
Malware-related cyber-threats in operational technology (OT) and Internet of Things (IoT) environments jumped tenfold year-on-year in the first six months of 2023, according to Nozomi Networks. In their latest “OT & IoT Security Report” the researchers shared ICS vulnerabilities, data from IoT honeypots and attack statistics from OT environments. “Specific to malware, denial-of-service (DoS) activity remains one of the most prevalent attacks against OT systems,” the vendor explained in a blog post announcing the report.

Other threats against OT systems include remote access trojans (RAT) which are often used by attackers to establish control over compromised machines. Distributed denial of service (DDoS) attacks remain a top threat against IoT network domains. Actors continue to exploit default credentials on IoT devices to bolster massive botnets.

Security Officer Comments:
Trojans and ransomware are also commonly detected across OT and IoT environments, with phishing being used for stealing information, gaining initial access, and deploying malware. As for the cause of the malware surge, the researchers blame poor authentication and password hygiene. For OT environments, network anomalies were up 15%, and access control and authorization threats surged 128%.

The manufacturing, energy, healthcare, water and wastewater sectors were hardest hit, alongside the public sector, Nozomi Networks said. Water treatment works experienced a large number of generic network scans, while oil and gas facilities suffered OT protocol packet injection attacks, the report added.

“The number of OT/IoT vulnerabilities remains high, with 643 published during the six-month period, while Nozomi’s honeypots detected an average of 813 unique attacks daily” (Info Security Magazine, 2023).

Suggested Correction(s):
Users should be wary of IoT devices that lack traditional security features. Many IoT devices do not have multi-factor authentication or even the ability to change default usernames and passwords. Cybercriminals will continue to target the ever-growing IoT device market. If IoT devices must be used, users should consider segmenting them from sensitive networks. Once a device has been compromised by a botnet, users may notice slow or sluggish systems and/or unusual traffic on the network.
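As an added illustration of the segmentation and traffic-monitoring advice above (example code written for this summary, not code from Nozomi Networks or the report), the script below checks exported flow records from an IoT segment against a simple policy: an IoT host may only reach an allow-listed set of destinations, any flow into the sensitive segment is flagged, and any host whose outbound byte count exceeds a threshold is reported as a possible botnet member. The address ranges, the allow-list, the threshold and the flow records are all constructed assumptions.

```python
"""Flow-record checks for an IoT segment: policy violations and botnet-like outbound volume.

Added example with constructed data; the network ranges, allow-list, threshold
and flow records below are assumptions, not taken from the report.
"""
import ipaddress
from collections import defaultdict

# Assumed network layout (hypothetical)
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
SENSITIVE_SEGMENT = ipaddress.ip_network("10.10.0.0/24")

# Destinations an IoT device is permitted to reach (hypothetical allow-list)
ALLOWED_DESTINATIONS = {
    ("10.20.0.1", 53),    # local DNS resolver
    ("10.20.0.1", 123),   # NTP
    ("10.20.0.5", 8883),  # MQTT broker over TLS
}

# Outbound bytes above which a single IoT host is treated as suspicious (hypothetical)
VOLUME_THRESHOLD_BYTES = 1_000_000

# Constructed flow export, one record per line: src_ip,dst_ip,dst_port,bytes_out
SAMPLE_FLOWS = """\
10.20.0.42,10.20.0.5,8883,1200
10.20.0.42,10.20.0.1,53,90
10.20.0.77,10.10.0.15,445,3000
10.20.0.77,203.0.113.9,6667,50000
10.20.0.77,198.51.100.4,80,7000000
10.20.0.42,10.20.0.1,123,76
"""


def parse_flows(text):
    """Parse the CSV-style export into (src, dst, dst_port, bytes_out) tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, port, nbytes = line.split(",")
        flows.append((src, dst, int(port), int(nbytes)))
    return flows


def segmentation_violations(flows):
    """Return IoT-originated flows that reach a destination outside the allow-list."""
    violations = []
    for src, dst, port, _ in flows:
        if ipaddress.ip_address(src) not in IOT_SEGMENT:
            continue  # only traffic originating in the IoT segment is policed here
        if (dst, port) in ALLOWED_DESTINATIONS:
            continue
        if ipaddress.ip_address(dst) in SENSITIVE_SEGMENT:
            reason = "crosses into sensitive segment"
        else:
            reason = "not on allow-list"
        violations.append((src, dst, port, reason))
    return violations


def outbound_bytes_by_host(flows):
    """Sum bytes sent by each IoT host; a botnet member usually shows a sharp rise here."""
    totals = defaultdict(int)
    for src, _, _, nbytes in flows:
        if ipaddress.ip_address(src) in IOT_SEGMENT:
            totals[src] += nbytes
    return dict(totals)


def high_volume_hosts(flows, threshold=VOLUME_THRESHOLD_BYTES):
    """IoT hosts whose total outbound volume exceeds the threshold, sorted by address."""
    return sorted(h for h, b in outbound_bytes_by_host(flows).items() if b > threshold)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for violation in segmentation_violations(flows):
        print("policy violation:", violation)
    print("high-volume hosts:", high_volume_hosts(flows))
```

On the constructed data, host 10.20.0.42 only talks to the broker, DNS and NTP and passes cleanly, while 10.20.0.77 is flagged three times (once for reaching the sensitive segment on port 445, twice for non-allow-listed internet destinations) and also trips the volume threshold. In a real deployment the allow-list would be derived from each device's documented function and the threshold from a baseline of the device's normal traffic.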