The latest research from Nozomi Networks Labs has highlighted a rising prevalence of network anomalies and attacks in operational technology (OT) and Internet of Things (IoT) environments.
This report indicates an increasingly sophisticated threat to critical infrastructures, with anomalies and attacks representing the most significant portion (38%) of threats detected in the second half of 2023. Notably, these anomalies, which often point to the involvement of advanced threat actors, rose by 19% over the preceding reporting period.
Vulnerabilities in the manufacturing sector also emerged as a cause for concern, surging by an alarming 230%. More published vulnerabilities mean more opportunities for threat actors to gain a foothold in networks, which in turn produces these anomalies. Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shared, "These trends should serve as a warning that attackers are adopting more sophisticated methods to directly target critical infrastructure, and could be indicative of rising global hostilities."
The report shows that "network scans" top the list of Network Anomalies and Attacks alerts, followed closely by "TCP flood" attacks. Network scans are reconnaissance, probing hosts and ports for reachable services, while TCP floods send large volumes of traffic at a system with the aim of bringing it down or making it unreachable. Alerts for "TCP flood" and "anomalous packets" rose significantly in both total count and average per customer over the last six months, by more than 2x and 6x respectively.
Chris Grove further said, "The significant uptick in anomalies could mean that the threat actors are getting past the first line of defense while penetrating deeper than many would have initially believed, which would require a high level of sophistication. The defenders have gotten better at protecting against the basics, but these alerts tell us that the attackers are quickly evolving in order to bypass them."
According to the study, alerts on access control and authorization threats surged by 123% over the previous reporting period. In particular, "multiple unsuccessful logins" and "brute force attack" alerts increased by 71% and 14%, respectively. This trend is a stark reminder of the persistent problem of unauthorized access attempts, and suggests that weak identity and access management and poor password hygiene remain common in OT environments.
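As an added example, not code from the report or from Nozomi Networks, the following Python sketches how the three alert classes named above (network scans, TCP floods, and multiple unsuccessful logins) can be raised from connection records with simple sliding-window counters. The record format, the thresholds and the sample traffic are all assumptions made here for illustration; a real OT monitor would tune thresholds per asset and protocol.

```python
"""Added example: toy generation of the alert classes the report counts
(network scan, TCP flood, multiple unsuccessful logins) from connection
records. Thresholds and the record format are assumptions for illustration,
not Nozomi Networks' detection logic."""
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed thresholds (illustrative only).
WINDOW_S = 10.0            # sliding window in seconds
SCAN_DISTINCT_PORTS = 20   # distinct destination ports from one source
FLOOD_SYN_COUNT = 100      # bare SYN segments aimed at one destination
FAILED_LOGIN_COUNT = 5     # failed authentications from one source to one host


@dataclass(frozen=True)
class Event:
    ts: float    # seconds
    src: str
    dst: str
    dport: int
    flags: str   # TCP flags, e.g. "S" for a bare SYN
    auth: str    # "ok", "fail", or "-" when the record carries no auth result


def parse_line(line: str) -> Event:
    """Parse one record in the assumed CSV form ts,src,dst,dport,flags,auth."""
    ts, src, dst, dport, flags, auth = line.strip().split(",")
    return Event(float(ts), src, dst, int(dport), flags, auth)


def detect(events, window=WINDOW_S):
    """Return sorted (alert, src, dst) triples; '*' means 'any'."""
    alerts = set()
    scan = defaultdict(deque)   # src -> (ts, dport) pairs seen in window
    flood = defaultdict(deque)  # dst -> timestamps of bare SYNs in window
    fails = defaultdict(deque)  # (src, dst) -> timestamps of failed logins

    def trim(q, now, key=lambda x: x):
        # Drop entries that have fallen out of the sliding window.
        while q and now - key(q[0]) > window:
            q.popleft()

    for ev in sorted(events, key=lambda e: e.ts):
        # Network scan: many distinct destination ports from one source.
        q = scan[ev.src]
        q.append((ev.ts, ev.dport))
        trim(q, ev.ts, key=lambda x: x[0])
        if len({p for _, p in q}) >= SCAN_DISTINCT_PORTS:
            alerts.add(("network scan", ev.src, "*"))
        # TCP flood: a burst of bare SYNs at one destination.
        if ev.flags == "S":
            q = flood[ev.dst]
            q.append(ev.ts)
            trim(q, ev.ts)
            if len(q) >= FLOOD_SYN_COUNT:
                alerts.add(("TCP flood", "*", ev.dst))
        # Multiple unsuccessful logins: repeated auth failures on one pair.
        if ev.auth == "fail":
            q = fails[(ev.src, ev.dst)]
            q.append(ev.ts)
            trim(q, ev.ts)
            if len(q) >= FAILED_LOGIN_COUNT:
                alerts.add(("multiple unsuccessful logins", ev.src, ev.dst))
    return sorted(alerts)


def build_sample_events():
    """Constructed traffic (not real data): benign OT polling plus three attacks."""
    lines = []
    # Benign: an HMI polling a PLC over Modbus/TCP and S7comm every 2 seconds.
    for i in range(10):
        lines.append(f"{i * 2.0},10.0.0.10,10.0.1.10,502,PA,-")
        lines.append(f"{i * 2.0 + 1},10.0.0.10,10.0.1.11,102,PA,-")
    # Network scan: one source probing 25 ports on one host within 2.5 s.
    for p in range(1, 26):
        lines.append(f"{p * 0.1},10.0.0.99,10.0.1.5,{p},S,-")
    # TCP flood: 120 bare SYNs at the PLC's Modbus port within 1.2 s.
    for i in range(120):
        lines.append(f"{5.0 + i * 0.01},10.0.0.77,10.0.1.10,502,S,-")
    # Brute force: six failed SSH logins from one source in six seconds.
    for i in range(6):
        lines.append(f"{20.0 + i},10.0.0.50,10.0.1.20,22,PA,fail")
    return [parse_line(line) for line in lines]


if __name__ == "__main__":
    for alert in detect(build_sample_events()):
        print(*alert)
```

Running the block prints one line per raised alert: the flood against 10.0.1.10, the failed logins from 10.0.0.50, and the scan from 10.0.0.99; the benign HMI polling trips nothing because it touches only two ports, carries no bare SYNs and never fails authentication. The same six failed logins spread more than a window apart would not raise an alert, which is the usual trade-off when tuning these counters against slow, low-rate brute forcing.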
In a detailed analysis of all Industrial Control System (ICS) security advisories released over the previous six months, manufacturing topped the list of industries with the most published vulnerabilities. The number of Common Vulnerabilities and Exposures (CVEs) affecting the sector rose to 621, a staggering 230% increase over the last reporting period. Other sectors with high vulnerability counts included Energy, Water/Wastewater, Commercial Facilities, and Communications.
Evaluating data on malicious activity against IoT devices, Nozomi Networks Labs found that malicious IoT botnets remain active, and that they continue to try default credentials to gain access to IoT devices. Statistics from the second half of 2023 show an average of 712 unique attacks per day, peaking at 1,860 attacks on a single day, October 6.
According to the company, the report serves as a resource for security professionals to reassess risk models and cybersecurity initiatives, providing actionable recommendations for bolstering the security of their critical infrastructures.