Number of Attacks Against Critical Infrastructure Is GrowingNew Report Shows a Surge in OT/IoT Threats and a 123% Increase in Hacking Attempts
Threats to critical infrastructure are on the rise, as threat actors continue to scan networks, attack networks and devices, and try to get past access controls. At the same time, according to a new report, sectors such as manufacturing have experienced a 230% increase in vulnerabilities.
Nozomi Networks Labs examined alerts across 25 countries and on Thursday released a telemetry report that shows bad actors are testing networks with automated scanning tools and flooding systems with TCP requests. These network anomalies accounted for 38% of all threats during the second half of 2023.
A transmission control protocol, or TCP, flood attack is a type of denial-of-service attack that involves deluging a target system with a high volume of TCP connection requests. Incidents involving TCP flooding and anomalous packet incidents have surged, triggering twofold and sixfold increases in alerts, respectively.
"The significant uptick in anomalies could mean that the threat actors are getting past the first line of defense while penetrating deeper than many would have initially believed, which would require a high level of sophistication," said Chris Grove, director of cybersecurity strategy at Nozomi Networks.
The researchers also observed a 123% increase in access control and authorization threats, with "multiple unsuccessful logins" and "brute force attack" alerts increasing by 71% and 14%, respectively. Grove warned that these trends indicate attackers are adopting more sophisticated methods to directly target critical infrastructure - a development potentially indicative of rising global hostilities and nation-state activity.
The top critical threat activities include:
- Network anomalies and attacks - 38% of all alerts
- Authentication and password issues - 19% of all alerts
- Access control and authorization problems - 10% of all alerts
- Operational technology-specific threats - 7% of all alerts
- Suspicious or unexpected network behavior - 6% of all alerts
ICS Vulnerabilities on the Rise
The researchers found industrial control system vulnerabilities and observed that manufacturing had experienced a 230% increase in common vulnerabilities and exposures. Manufacturing, energy and water/wastewater systems continue to be the most vulnerable sectors.
Nozomi Networks honeypots revealed a 12% decline in daily attacks, but malicious IoT botnets remain active. The report identifies China, the United States, South Korea, India and Brazil as the top countries of origin for attacker IP addresses.
"Default credentials and brute-force attempts persist as favored techniques for gaining access to IoT devices, posing significant risks to industries relying on interconnected devices," the researchers said.