Nozomi Networks Releases 2022 1H Threat Landscape Report

Nozomi Networks, the leading OT and IoT security and visibility solution, has released its 2022 1H Threat Landscape Report. In this report, Nozomi Networks Labs analyzes the current threat landscape, ransomware and IoT botnet attacks, ICS, OT/IoT device vulnerability and exploitation trends, and steps to improve cyber threat remediation strategies. 

Nozomi Networks Labs explores key threat mitigations for more robust security, including backups, threat intelligence, cloud security, threat detection, and SBOMs. Based on this latest analysis, Nozomi Networks provides a forecast with some of the critical cybersecurity trends they expect to see throughout the rest of 2022. 

High-level report takeaways from Roya Gordon, OT/IoT Security Research Evangelist and Nozomi Networks Labs:

  • With added IoT and analytics technologies for business efficiency come security concerns for both hard-coded passwords and internet interfaces for end-user credentials, in addition to network security gaps and concerns
  • Manufacturing and energy continue to lead in threat actor activity; however, healthcare and commercial facilities targeting is on the rise
  • As each sector becomes more targeted, unique risks arise for each, growing the overall risk landscape across critical infrastructure sectors 
  • Fewer CVEs recorded; however, more vendors and additional product vulnerabilities reported, as we see threat actors more carefully tailoring attacks to specific environments and use cases
  • Decision makers are inundated with information, including security research and threat reports, but they often don’t equate to actionable intelligence in lieu of mounting vulnerabilities – some manageable and others un-patchable 
  • Good quote: “Most reported critical weaknesses include misused authentication, improper access controls, and integer overflow variables.”

Thoughts on trend analysis from Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks:

  • Threat actors are doing their homework, focusing on techniques to maintain access undetected, and mitigating potential unintended consequences. 
  • There has been broad realization that operations that tolerate little to no physical downtime are lucrative targets, with seemingly no sector off limits – food, hospitals, transportation 
  • It remains difficult to standardize attack patterns in OT/ICS, and case-by-case tacit knowledge is required to sufficiently secure each operation based on what is treated, produced, fabricated, manufactured, pumped, assembled, etc. 
  • Supply chain manipulation and chain of custody concerns for OT and ICS, as well as the potential to hijack native functionality of these systems, represent a more pressing concern in this domain than traditional zero-day software vulnerabilities
  • OT/ICS owners and operators underappreciated the potential effects of social engineering campaigns on their companies and environments 
  • Cyber-attacks on critical infrastructure are not just a force multiplier in times of crisis or conflict, but can also overwhelm local resources and cause public panic, and require appropriate risk reduction and contingency planning
    • One of the most heroic events in any ICS sector took place in March 2022 as a result of the Russian invasion of Ukraine when Ukraine securely integrated with Europe’s power grid due to market, regulatory, cybersecurity and legal concerns. 
  • Companies and individuals are still mostly reacting to security incidents, rather than reducing the severity of potential impacts 
  • The looming threat of highly sophisticated, often nation-state level attacks, narrows focus to threat hunting at the expense of other indicators worth investigating 
  • Limited resources, lack of technical competency, talent and expertise gaps, and siloed communications continue to be notable hurdles to the holistic adoption of security best practices 
  • Market for cyber insurance is at a critical inflection point, recognizing that although the sensitivity of data across many industrial sectors is not extremely high, the potential for business disruption and severe physical impacts by cyber means remains high 
    • Fewer providers are offering coverage and premiums are increasing, and most recently Travelers Insurance has filed suit to rescind cyber insurance policy coverage to a customer for allegedly misrepresenting information gathered on their coverage application concerning their use and implementation of multi-factor authentication

A webinar will occur. You can register: here