Nozomi Networks Labs is dedicated to reducing cyber risk for the world’s industrial and critical infrastructure organizations. Through its cybersecurity research and collaboration with industry and institutions, it helps defend the operational systems that support everyday life.
The Labs team conducts investigations into industrial device vulnerabilities and, through a responsible disclosure process, contributes to the publication of advisories by recognized authorities.
To help the security community with current threats, they publish timely blogs, research papers and free tools. The Threat Intelligence and Asset Intelligence services of Nozomi Networks are supplied by ongoing data generated and curated by the Labs team.
In the past, insights into threats and trends proved beneficial in helping companies strengthen security and minimize future threats. For example, in 2020 the shift to work from home (WFH) policies due to COVID-19 caused an increased targeting of Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) vulnerabilities.
While companies focused their defense strategies on educating employees about network security (since they no longer had autonomy over their corporate networks), vendors continuously released patches for end users to implement. As another example, in 2021 when ransomware attacks were on the rise, there was a fixation on software supply chain compromises. This led to ransomware resilience strategies, supply chain security, and the introduction of government initiatives focused on securing critical infrastructure.
This begs the question: In the first half of 2022, what trends are we, Nozomi Networks Labs, seeing and how can companies use these insights to tailor their cybersecurity strategies? This report shares our analysis and observations. It is a more in-depth addition to the blogs and white papers we publish.
To help security teams and researchers of OT/IoT environments, this report focuses on three main areas:
• Attack trends
• Vulnerability research
We recap the Russia/Ukraine crisis, highlighting newly introduced malicious tools and malwares, as well as how this conflict can give us insights into attacker capabilities. We also provide insights into IoT botnets, corresponding Indicators of Compromise (IoCs) and threat actor Tactics Techniques and Procedures (TTPs). We conclude with recommendations for mitigating threats and forecasting analysis of what to expect throughout the rest of 2022.