Nozomi Networks Labs identifies the impact on the threat landscape in 2022


The latest research from Nozomi Networks shows that wiper malware, IoT botnet activity, and the Russia-Ukraine war had the biggest impacts on the threat landscape in 2022 to date.

Researchers at Nozomi Networks Labs have observed activity from a range of threat actors, including hacktivists, nation-state Advanced Persistent Threats (APTs), and cybercriminals, since the Russian invasion of Ukraine began in February.

The researchers noticed robust use of wiper malware, which led to the emergence of an Industroyer malware variant used in the cyberattack on Ukraine’s power grid.

This malware is designed to abuse the IEC-104 protocol commonly used in industrial environments.

Nozomi Networks Labs also noted a rise in increasingly sophisticated malicious IoT botnet activity.

The company set up a series of honeypots to attract these malicious botnets and capture their activity to gain additional insights into how threat actors are targeting the IoT.

Through this research, analysts at Nozomi Networks Labs identified growing security concerns for both hard-coded passwords and web interfaces for end-user credentials.

From January to June 2022, the honeypot findings were:

  • March was the busiest month, with nearly 5,000 unique attacker IP addresses collected.
  • The top attackers’ IP addresses have been linked to China and the United States.
  • “Root” and “admin” credentials were the most targeted and used in multiple variations to allow attackers access to all system commands and user accounts.

In terms of vulnerabilities, Nozomi notes that manufacturing and energy remain the most vulnerable sectors, followed by healthcare and commercial facilities.

The following events took place from January to June 2022:

  • CISA released 560 Common Vulnerabilities and Exposures (CVEs), a 14% decrease compared to the second half of 2021.
  • The number of affected providers increased by 27%.
  • Affected products were also up 19% from the second half of 2021.

“This year’s cyber threat landscape is complex,” said Roya Gordon, evangelist of OT/IoT security research at Nozomi Networks.

“Many factors, including the increasing number of connected devices, the sophistication of malicious actors, and changing attack motifs, increase the risk of a security breach or cyber-physical attack.

“Fortunately, security measures are also evolving. Solutions are now available that give organizations with critical infrastructure the network visibility, dynamic threat detection, and actionable intelligence they need to mitigate risk and maximize resiliency.”

The Nozomi Networks OT/IoT Security Report provides security professionals with the latest insights into reassessing risk models and security initiatives, as well as actionable recommendations to secure critical infrastructure.

The latest report includes:

  • An overview of the current state of cyber security.
  • Trends in the threat landscape and solutions to address them.
  • A summary of the Russia-Ukraine crisis, highlighting new related malicious tools and malware.
  • Insights into IoT botnets, corresponding indicators of compromise (IoCs) and tactics, techniques and procedures of threat actors (TTPs).
  • Recommendations and forecast analysis.
