Nozomi Networks Labs Finds Ruin vs. Ransom Dominates Threat Landscape

Nozomi Networks Labs latest OT/IoT security report finds wiper malware, IoT botnet activity and the Russia/Ukraine war significantly influenced the 2022 threat landscape.

Continuing the trend that was observed in the first half of 2022, Nozomi Networks Labs researchers saw “hacktivists” shift tactics from data theft and distributed denial of service (DDoS) attacks to more destructive malware to destabilize critical infrastructure to further their political stance in the Russia/Ukraine war.

“Over the past six months, cyberattacks have increased significantly, causing major disruption to industries ranging from transportation to health care,” said Roya Gordon, Nozomi Networks OT/IoT Security Research Evangelist. “Railways, in particular, have been subject to attacks, leading to the implementation of measures designed to protect rail operators and their assets. As cyber threats evolve and intensify, it is important for organizations to understand how threat actors are targeting OT/IoT and the actions required to defend critical assets from threat actors.”

Nozomi Networks Labs analysis of customers’ intrusion alerts over the last six months found weak/cleartext passwords and weak encryption were the top access threats to critical infrastructure environments. This was followed by brute force and DDOS attempts. Trojans were the most common malware detected targeting enterprise IT networks, remote access tools (RATs) topped the malware targeting OT, and DDoS malware targeted IoT devices.

Malicious IoT botnet activity remained high and continued to rise in the second half of 2022. Nozomi Networks Labs uncovered growing security concerns as botnets continue to use default credentials in attempts to access IoT Devices.

Nozomi Networks’ OT/IoT Security Report: A Deep Look Into the ICS Threat Landscape provides security professionals with insights needed to re-evaluate risk models and security initiatives, along with actionable recommendations for securing critical infrastructure.

For more information, go to