Published on the 13/02/2024 | Written by Heather Wright

IoT and OT bug out…

Operational technology and internet of things environments are being targeted with increasing sophistication with increasing numbers of vulnerabilities helping adversaries.

IoT and OT network telemetry data from Nozomi highlights the risks associated with IoT and OT, with network anomalies and attacks the most prevalent threat.

“This massive rise in reported vulnerabilities illustrates the challenge this sector faces as it continues to embrace digitalisation.”

The Nozomi Networks Labs OT and IoT Security Report: Assessing the Threat Landscape shows 885 new industrial control system (ICS)-Cert vulnerabilities, impacting 74 vendors, were disclosed in the second half of 2023. That’s a 38 percent increase in vulnerabilities over the previous six-month period.

The report analyses telemetry data from Nozomi Networks monitoring and detection software and vulnerability information from the US Cybersecurity and Infrastructure Security Agency (CISA), along with Nizomi’s honeypot deployments tracking and analysing the latest patterns in IoT technology hijacking, abuse and misuse.

“There are thousands of known vulnerabilities in OT/ICS machines and devices,” the report says, urging organisations to prioritise proactive defence strategies including network segmentation, asset discovery, vulnerability management, patching, logging, endpoint detection and threat intelligence.

Network anomalies and attacks were the largest threats, at 38 percent, with network scans and TCP flood attacks, which involve sending large amounts of traffic to systems aiming to cause damage by bringing the systems down or making them inaccessible, the most common network anomalies and attack alerts.

Chris Grove, Nozomi Networks director of cybersecurity strategy, says the trends are a warning that attackers are adopting more sophisticated methods to directly target critical infrastructure.

“The significant uptick in anomalies could mean that the threat actors are getting past the first line of defence while penetrating deeper than many would have initially believed, which would require a high level of sophistication,” Grove says. “The defenders have gotten better at protecting against the basics, but these alerts tell us that the attackers are quickly evolving in order to bypass them.”

Rising ‘global hostilities’ could be behind some of the increase, he notes.

Brute-force attempts remain a favoured technique to gain system access and default credentials remain one of the main ways threat actors gain access to IoT, the report notes.

Alerts on access control and authorisation threats, which include multiple unsuccessful logins and brute force attacks, jumped 123 percent over the previous reporting period, highlighting the continuing challenges of identity and access management in OT and other user-password issues.

Last year Nozomi forecast the Australian and New Zealand critical infrastructure market to see a major uplift in cybersecurity, particularly in their OT and IoT environments as the official and unofficial grace periods came to a close on the Australian Government’s Security of Critical Infrastructure (SOCI) Act, and on the back of the launch of the 2023-2030 Australian Cyber Security Strategy.

The inaugural Critical Infrastructure Annual Risk Review highlighted risks including vulnerabilities in the connections between IT, OT and IoT environments, cyber literacy and security practices not keeping pace with digitalisation.

“One of the key issues to address is visibility over deep, widely connected networks with so many devices potentially talking to each other,” says Anthony Stitt, Nozomi Networks regional senior director.

“All too often, IT and OT networks run together on the same flat network. For these organisations, many are planning segmentation projects, but they are complex and disruptive to implement, so in the meantime, organisations want to understand what is going on in these environments.”

While the OT and IoT Security Report doesn’t break out critical infrastructure specifically, it highlights that the ‘critical manufacturing’ sector, is the market bearing the brunt who are bearing the brunt. It says the sector saw a 230 percent surge in threats to 621.

“This massive rise in reported vulnerabilities illustrates the considerable challenge this sector faces as it continues to embrace digitalisation,” the report says.

Energy and water/wastewater  rounded out the top three most vulnerable industries – though way behind critical manufacturing at 75 and 37 common vulnerabilities and exposures (CVEs), respectively. Both those sectors saw a decline in the total number of vulnerabilities, over the previous period.

Commercial facilities and communications moved into the top five for vulnerable sectors, replacing food and agriculture, and chemicals which dropped out of the top 10. Healthcare and public health, government facilities, transportation systems and emergency services also made the top 10 for industrial control systems vulnerabilities.

Nozomi says its network of IoT honeypots saw an average of 712 unique attacks per day, down 12 percent on the previous six months.