MITSUBISHI ELECTRIC Changes for the Better

The Growing Threat of Cyber Attacks on Industrial Systems: A Critical Analysis

19.05.2025, 3-minute read

The concept of cyber warfare, first introduced in William Gibson's 1984 novel "Neuromancer," has evolved from literary imagination to a pressing reality for critical infrastructure worldwide.

Nozomi Networks' comprehensive "OT/IoT Cybersecurity Trends and Insights" report reveals alarming vulnerabilities in industrial systems across manufacturing, energy, communications, and transportation sectors.

Fundamental Vulnerabilities in Industrial Automation

Industrial automation systems present unique cybersecurity challenges due to their extended operational lifespans and legacy design principles. Research identifies significant coordination challenges between IT and OT teams, with multiple remote access tools creating substantial security gaps in operational networks.

These systems have become prime targets for sophisticated threat actors due to their critical infrastructure status and potential for widespread disruption. The consequences extend beyond financial impacts to encompass public safety, human health, and environmental integrity - particularly when targeting utilities, energy production facilities, or water treatment systems.

Quantifying the Cybersecurity Landscape

Nozomi Networks' analysis presents a concerning security profile across industrial environments. According to their research, manufacturing was the most targeted sector during the second half of 2024, with critical manufacturing recording 462 vulnerabilities, followed by energy with 174, and communications with 74. The United States emerged as the most attacked country, moving up from 5th position in the first half of 2024.

Particularly concerning is the finding that 94% of Wi-Fi networks lack protection against deauthentication attacks, exposing organizations to risks such as credential theft, traffic interception, and spoofing that could compromise critical control systems.

Advanced Persistent Threats Targeting Industrial Systems

The report documents several sophisticated state-sponsored threat actors specifically targeting industrial infrastructure. Multi-year adversarial operations such as Volt Typhoon and Salt Typhoon have recently been exposed, highlighting how nation-state actors have infiltrated critical infrastructure and communications systems, often remaining undetected for years.

New OT malware tools like BUSTLEBERM (aka FrostyGoop) and OrpaCrab (aka IOCONTROL) represent significant threats. BUSTLEBERM was reportedly used as a cyberweapon to disrupt energy systems in Ukraine by misusing standard Modbus protocol functionality, while OrpaCrab has been linked to Iranian actors targeting IoT and OT environments in the U.S. and Israel.

These well-resourced actors represent a significant escalation in capabilities and intent, with operations increasingly focused on disrupting Western infrastructure and demonstrating geopolitical power through cyber means.

Strategic Exposure Management

The Nozomi Networks report advocates moving beyond traditional vulnerability management approaches to adopt a comprehensive exposure management framework. This methodology provides a more strategic approach to risk mitigation than simply addressing high-CVSS vulnerabilities.

The report recommends implementing a proactive vulnerability management program that considers not only risk scores but also asset criticality, compensating controls, device type, safety implications, and exposure. This ensures resources are allocated effectively to address the most pressing threats first.

Sector-Specific Vulnerability Analysis

Manufacturing environments showed the highest vulnerability counts, making them particularly susceptible to cyber attacks. The energy sector followed as the second most vulnerable, with communications emerging as a new high-risk sector, possibly tied to Salt Typhoon targeting telecommunications companies.

The rise of vulnerabilities affecting Government Services and Facilities is another highlight from this period, after the sector dropped off the list in the first half of 2024.

Implementing Effective Protection Measures

The research emphasizes that wireless network security has emerged as a critical factor in maintaining operational continuity. To protect against deauthentication attacks and improve wireless network security, organizations should enable 802.11w (Management Frame Protection), upgrade to WPA3, and regularly monitor wireless networks for signs of suspicious activity.
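An added example, not part of the original article or of the Nozomi Networks report: a small Python audit that checks access point settings against the two recommendations above (802.11w required, WPA3 offered). It assumes a hostapd-style configuration file (`ieee80211w` and `wpa_key_mgmt` are hostapd's own keys); both sample configurations are constructed.

```python
# Added example: audit hostapd-style AP settings for 802.11w (MFP) and WPA3.
# The two sample configurations below are constructed for illustration.
WEAK_CONF = """\
# constructed sample: WPA2-PSK, management frames unprotected
ssid=plant-floor
wpa=2
wpa_key_mgmt=WPA-PSK
ieee80211w=0
"""
HARDENED_CONF = """\
# constructed sample: WPA3-SAE, management frame protection required
ssid=plant-floor
wpa=2
wpa_key_mgmt=SAE
ieee80211w=2
"""


def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    conf = parse_conf(text)
    findings = []
    # ieee80211w: 0 = disabled (hostapd default), 1 = optional, 2 = required
    mfp = conf.get("ieee80211w", "0")
    if mfp == "0":
        findings.append("MFP disabled: deauthentication frames are unauthenticated")
    elif mfp == "1":
        findings.append("MFP optional: clients without 802.11w remain exposed")
    elif mfp != "2":
        findings.append("MFP setting unrecognised: " + mfp)
    akms = conf.get("wpa_key_mgmt", "").split()
    if "SAE" not in akms:
        findings.append("WPA3-SAE not offered")
    elif any(a in ("WPA-PSK", "WPA-PSK-SHA256") for a in akms):
        findings.append("WPA2/WPA3 transition mode: WPA2-PSK still accepted")
    return findings
```

Calling `audit()` on the text of each access point's configuration gives a per-device list that can feed the regular wireless audits recommended below.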

Nozomi Networks recommends implementing a structured approach encompassing several key phases:

  • Implementing a risk reduction strategy with updated threat intelligence
  • Prioritizing anomaly detection and response
  • Adopting regional and industry-specific threat intelligence
  • Strengthening wireless network security with regular audits
  • Enhancing vulnerability management with key metrics
  • Fortifying defences against botnet attacks
  • Working with security partners

Partnering for Enhanced Security

As cyber defence is increasingly recognized as a team effort requiring deep bench strength, organizations are turning to specialized partners for the knowledge and capabilities needed to protect critical infrastructure.

Mitsubishi Electric complies with global cyber security and reporting standards and has a well-established, certified PSIRT that keeps you informed about security threats and enables you to operate within a cyber secure OT environment. Through strategic partnerships with leading OT cybersecurity providers like Nozomi Networks, Dispel, and TxOne, Mitsubishi Electric offers comprehensive protection against the evolving threat landscape.

As the report concludes, industrial organizations face a genuine threat of service disruption and infrastructure damage from sophisticated cyber-attacks. Security leaders must identify high-risk assets and implement appropriate protective measures including secure remote access solutions, network segmentation, and compensating controls to safeguard both operational continuity and public safety.

Interested? Check out our podcast and learn more about cyber security! 

