With industrial organisations ramping connectivity to accelerate digital transformation and remote work, threat actors are weaponising the software supply chain and ransomware attacks are growing in number, sophistication and persistence.

Subscribe

A new report from Nozomi Networks Labs finds cyber threats to industrial and critical infrastructure have reached new heights as threat actors double down on high value targets. With industrial organisations ramping connectivity to accelerate digital transformation and remote work, threat actors are weaponising the software supply chain and ransomware attacks are growing in number, sophistication and persistence. 

“This report leaves no doubt that the time for action is now,” said Nozomi Networks Co-founder and CTO Moreno Carullo. “The recent Oldsmar, Florida, water system attack and the ongoing SolarWinds investigation are dramatic reminders that the critical infrastructure and other systems that we rely on are vulnerable and at constant risk of attack. Understanding the effectiveness of defenses against the emerging threat and vulnerability landscape is vital to success.” 

Nozomi Networks’ latest “OT/IoT Security Report,” gives cybersecurity professionals an overview of the OT and IoT threats analysed by Nozomi Networks Labs security research team. The report found: 

  • Ransomware activity continues to dominate the threat landscape, growing in sophistication and persistence. In addition to demanding financial payments, Ryuk, Netwalker, Egregor and other ransomware gangs are exfiltrating data and deeply compromising networks for future nefarious activities. 
  • Supply chain threats and vulnerabilities show no signs of slowing. The unprecedented SolarWinds attack not only infected thousands of organisations including U.S. Government agencies and critical infrastructure, but it also demonstrates the massive potential for attack via supply chain weaknesses. 
  • Threat actors are targeting healthcare. Nation states are using off-the-shelf red team tools to execute attacks and perform cyber espionage against facilities involved with COVID-19 research. Ransomware crews are targeting healthcare providers and hospitals, in some cases disrupting patient treatment. 
  • Analysis of 151 ICS- CERTs published in the last six months found memory corruption errors are the dominant vulnerability type for industrial devices.

“Urgency has never been higher. As industrial organisations race toward digital transformation, threat actors are taking advantage of greater OT connectivity to create attacks that aim to disrupt operations and threaten the safety, profitability and reputation of enterprises around the globe,” said Nozomi Networks CEO Edgard Capdevielle. “While threats may be on the rise, the technologies and practices to defeat them are available today. We encourage organisation to act quickly to implement the recommendations in this report.  It’s never been more important or more possible to take the necessary steps to detect and defend critical infrastructure and industrial operations.”

Nozomi Networks’ “OT/IoT Security Report” summarises the biggest threats and risks to OT and IoT environments. The report provides information on 18 specific threats that IT and OT security teams should study as they model threat vectors and evaluate risks across operational technology systems. It includes 10 key recommendations and actionable insights to improve defenses against the current threat landscape.

Subscribe

Related Stories

Issue 34 of Interface magazine is live!

Our cover story this month investigates how Fleur Twohig, Executive Vice President, leading Personalisation & Experimentation across Consumer Data & Engagement Platforms, and her team are executing Wells Fargo’s strategy to promote personalised customer engagement across all consumer banking channels

Issue 28 of Interface Magazine is live!

Our cover story investigates how the latest cybersecurity technologies ensure the Commonwealth Bank and its customers are protected from cybercrime

Issue 26 of Interface Magazine is live!

Our exclusive cover story this month takes a drive down the information superhighway with Auto Club Group and the Automobile…

Putting security transformation before digital transformation

Martin Riley, Bridewell Consulting’s Director of Managed Services, explains why a cyber security strategy can future proof your business and provide the platform for a successful digital transformation

Global corporates fear cybercrime and employee leaks as biggest risks to protecting trade secrets

Three in four senior corporate executives believe increasing financial investment is necessary to protect intangible trade secrets, according to new analysis commissioned by global law firm CMS and conducted by The Economist Intelligence Unit…

Why supply chains are today’s fastest growing cybersecurity threat

Governments around the world have highlighted supply chains as an area for urgent attention in tackling cyber risk in the coming years…

Kaspersky shares IT security recommendations for businesses in 2021

A global shift to remote working has accelerated digital transformation and prompted a higher degree of focus on cybersecurity, according to Kaspersky’s latest report.

Securing customer communication is vital, even when it’s on personal devices

James Hall, Commercial Director, Striata UK, explores the threats customers face and how to combat them.

Five top technology trends set to impact the security sector in 2020

As existing technologies reach maturity and innovations make the leap from consumer applications to business (and vice versa), it’s imperative…

New whitepaper highlights the need for greater cyber security in retail

Critical guide published today calls for effective cyber security lifecycle management of IoT devices to improve the security of retail…

We believe in a personal approach

By working closely with our customers at every step of the way we ensure that we capture the dedication, enthusiasm and passion which has driven change within their organisations and inspire others with motivational real-life stories.