OT/IoT Malware Surges Tenfold in First Half of the Year

Malware-related cyber-threats in operational technology (OT) and Internet of Things (IoT) environments jumped tenfold in the first six months of 2023 versus the previous half-year, according to Nozomi Networks.

The security vendor compiled its latest Nozomi Networks Labs OT & IoT Security Report from ICS vulnerabilities, data from IoT honeypots and attack statistics from OT environments.

“Specific to malware, denial-of-service (DoS) activity remains one of the most prevalent attacks against OT systems,” the vendor explained in a blog post announcing the report.

“This is followed by the remote access trojan (RAT) category commonly used by attackers to establish control over compromised machines. Distributed denial of service (DDoS) threats are the top threat in IoT network domains. Malicious IoT botnets remain active this year as threat actors continue to use default credentials in attempts to access chained IoT devices.”

Trojans, “dual use” malware and ransomware were among the most commonly detected alerts across OT and IoT environments, with phishing a common vector for stealing information, establishing initial access and deploying malware, the report continued. New variants of the 2016 Mirai botnet were also uncovered.

Poor authentication and password hygiene topped the list of most prolific threats for the period, despite alerts declining by 22% from the previous six months. However, network anomalies and attacks were up 15%, and access control and authorization threats surged 128%.

The manufacturing, energy, healthcare, water and wastewater sectors were hardest hit, alongside the public sector, Nozomi Networks said.

Water treatment works experienced a large number of generic network scans, while oil and gas facilities suffered OT protocol packet injection attacks, the report added.

The number of OT/IoT vulnerabilities remains high, with 643 published during the six-month period, while Nozomi’s honeypots detected an average of 813 unique attacks daily.
