OT/IoT Security Report, 2022 2H Review

The cyber threat landscape is constantly in flux, with new threats emerging and old ones evolving.

As technology advances, so do the methods that malicious actors use to gain access to sensitive information or launch disruptive attacks.

Cyberattacks focusing on IoT-connected devices present an additional challenge for critical infrastructure organizations in 2023, due to the large number of vulnerable smart devices that can be compromised remotely.

Attackers exploit weaknesses in device security or take advantage of misconfigured settings to gain control over vulnerable equipment—sometimes resulting in physical damage to underlying structures like buildings or energy grids—or to steal confidential data from connected systems.

During the first half of 2022, Russia’s invasion of Ukraine had a significant impact on the threat landscape. We reported various threat actors at play in the cyberwarfare arena, the use of wiper malware, the emergence of ICS malware tailored to target specific OT protocols, and increasing interest in theft of technology source code by threat groups such as Lapsus$. Although the Russia/Ukraine war was at its peak earlier this year, remnants from the heightened conflict continued to trickle down into the rest of 2022.

Over the past six months we have seen cyberattacks on critical infrastructure affecting industries ranging from transportation to healthcare. Continued attacks on railroads have prompted guidelines to help rail operators secure their assets. Hacktivists have opted to use wiper malware to launch disruptive attacks on critical infrastructure, to further their political stance in the Russia/Ukraine war. As cyber threats evolve and intensify, it is important to understand how threat actors are targeting the Operational Technology (OT) and Internet of Things (IoT) devices embedded in critical infrastructure.

In this report, Nozomi Networks Labs evaluates the threat landscape from July to December 2022 to report on notable cyberattacks on critical infrastructure, threat actor intrusion tactics, insights from our IoT honeypots, and analysis of ICS-CERT advisories to determine which industries are most vulnerable. We also provide recommendations for strengthening defenses and a forecast of emerging threats to help prepare for 2023.