Nozomi Networks researchers have found that wiper malware, IoT botnet activity, and Russia’s invasion of Ukraine have impacted the cyber threat landscape heavily in the first half of 2022.
Data from Nozomi Networks' latest operational technology (OT)/IoT security report shows that, since Russia began its invasion of Ukraine in February 2022, the cyber threat landscape has seen activity from several types of threat actors, including hacktivists, nation-state advanced persistent threats (APTs), and cyber criminals.
According to Roya Gordon, Nozomi Networks' OT/IoT security research evangelist, this year's cyber threat landscape is complex.
"Many factors including increasing numbers of connected devices, the sophistication of malicious actors, and shifts in attack motivations are increasing the risk for a breach or cyber physical attack," Gordon said.
Nozomi Networks researchers also observed widespread use of wiper malware and the emergence of an Industroyer malware variant used in the cyber attack on Ukraine’s power grid. Dubbed Industroyer2, the malware was developed to abuse the IEC-104 protocol, which is commonly used in industrial environments.
During the first half of 2022, malicious IoT botnet activity was also on the rise and growing in sophistication.
Nozomi Networks researchers set up a series of honeypots to attract these botnets and capture their activity, providing additional insight into how threat actors target IoT devices. Through this research, they uncovered growing security concerns around both hard-coded passwords and internet-facing interfaces for end-user credentials.
From January to June 2022, Nozomi Networks honeypots found:
Manufacturing and energy continue to be the most vulnerable industries according to Nozomi Networks researchers, followed by healthcare and commercial facilities.
During the first six months of 2022:
As cyber threats continue to develop, Gordon notes that security defences are fortunately evolving too.
"Solutions are available now to give critical infrastructure organisations the network visibility, dynamic threat detection, and actionable intelligence they need to minimise risk and maximise resilience," Gordon concluded.