Threat actors are targeting operational technology (OT) and Internet of Things (IoT) environments with increasing sophistication and have a growing attack surface of vulnerabilities to help them do so, Nozomi Networks has warned in a new report.
Its Assessing the Threat Landscape report covers the second half of 2023 using internally sourced data from honeypots and customer environments, alongside third-party data.
It revealed that 885 new ICS-CERT vulnerabilities were disclosed during the period, impacting 74 vendors. The “critical manufacturing” sector was by far the worst affected, with related CVEs rising 230% over the previous six months, to 621 for the half-year.
Energy (75), water and wastewater (37) and commercial facilities (31) rounded out the top three named sectors.
This is concerning because it gives threat actors more opportunities to gain a foothold in OT/IoT environments for data theft, extortion and sabotage.
To that end, the category of “network anomalies and attacks” represented the largest share (38%) of threats during the second half of 2023. Within this category, “network scans” topped the list followed by “TCP flood” attacks, which indicate DDoS attempts.
Authentication and password issues were ranked second, representing a fifth (19%) of threats detected during the period. “Alerts on access control and authorization” came third with 10%, but these threats are increasing at a rapid rate.
“Alerts on access control and authorization threats jumped 123% over the previous reporting period. In this category ‘multiple unsuccessful logins’ and ‘brute force attack’ alerts increased 71% and 14% respectively,” the report noted.
“This trend highlights the continued challenges in unauthorized access attempts, showing that identity and access management in OT and other challenges associated with user passwords persist.”
Nozomi Networks said its network of IoT honeypots experienced an average of 712 unique attacks each day during the reporting period. Although this was a 12% decline from the previous six months, it urged managers of OT/IoT to double down on security.
“These trends should serve as a warning that attackers are adopting more sophisticated methods to directly target critical infrastructure, and could be indicative of rising global hostilities,” said Chris Grove, director of cybersecurity strategy at Nozomi Networks.
“The significant uptick in anomalies could mean that the threat actors are getting past the first line of defense while penetrating deeper than many would have initially believed, which would require a high level of sophistication. The defenders have got better at protecting against the basics, but these alerts tell us that the attackers are quickly evolving in order to bypass them.”
The news comes as the US and its allies yesterday warned that Chinese state actors have covertly positioned themselves in multiple critical infrastructure sectors, with the aim of launching destructive attacks in the event of military conflict.