With industrial organizations ramping connectivity to accelerate digital transformation and remote work, threat actors are becoming more adept at weaponizing the software supply chain and ransomware attacks are growing in number, sophistication and persistence.

All of that shows that cyber threats to industrial and critical infrastructure have reached new heights as attackers double down on high value targets, according to a report from Nozomi Networks.

“This report leaves no doubt that the time for action is now,” said Nozomi Networks co-founder and chief technology officer Moreno Carullo. “The recent Oldsmar, Florida, water system attack and the ongoing SolarWinds investigation are dramatic reminders that the critical infrastructure and other systems that we rely on are vulnerable and at constant risk of attack. Understanding the effectiveness of defenses against the emerging threat and vulnerability landscape is vital to success.”


In surveying the threat landscape since the company published its report on the first half of 2020, two types of threats stand out: Supply chain and persistent ransomware.

The “OT/IoT Security Report,” gives an overview of the OT and Internet of Things (IoT) threats analyzed by Nozomi Networks Labs security research team. The report found:

Ransomware activity continues to dominate the threat landscape, growing in sophistication and persistence. In addition to demanding financial payments, Ryuk, Netwalker, Egregor and other ransomware gangs are exfiltrating data and deeply compromising networks for future nefarious activities. Depending on the targeted network, the length of time from initial infection to ransomware execution can be as quick as a couple of hours. Examples of best practices to counter ransomware are identity and access management and disaster recovery planning.

Supply chain threats and vulnerabilities show no signs of slowing. The SolarWinds attack not only infected thousands of organizations including U.S. Government agencies and critical infrastructure, but it also demonstrates the massive potential for attack via supply chain weaknesses. The SolarWinds attack also reflects the most important recent vulnerability trend, which is supply chain research and exploitation. It is an example of a threat actor very carefully selecting a widely used service or software as its supply chain target. This attack highlights the risks to end users who have limited agency over the software used within their networks.

Threat actors are targeting healthcare. Nation states are using off-the-shelf red team tools to execute attacks and perform cyber espionage against facilities involved with COVID-19 research. Ransomware crews are targeting healthcare providers and hospitals, in some cases disrupting patient treatment.

Analysis of 151 ICS- CERTs published in the last six months found memory corruption errors are the dominant vulnerability type for industrial devices.

“As industrial organizations race toward digital transformation, threat actors are taking advantage of greater OT connectivity to create attacks that aim to disrupt operations and threaten the safety, profitability and reputation of enterprises around the globe,” said Nozomi Networks Chief Executive Edgard Capdevielle. “While threats may be on the rise, the technologies and practices to defeat them are available today. It’s never been more important or more possible to take the necessary steps to detect and defend critical infrastructure and industrial operations.”

Nozomi Networks’ “OT/IoT Security Report” summarizes the biggest threats and risks to OT and IoT environments. The report provides information on 18 specific threats IT and OT security teams should study as they model threat vectors and evaluate risks across operational technology systems. It includes 10 key recommendations and actionable insights to improve defenses against the current threat landscape.

Simply knowing attack and vulnerability numbers for a given timeframe is not the way to assess risk. It provides a skewed representation of the actual risks faced by an organization.
Instead, security teams should continuously improve security fundamentals, and assess how these measures behave against the major emerging threats.
To help defenders with the current threat landscape, this report includes recommendations including:

  • Network Monitoring
  • Attack Surface Reduction
  • Network Segmentation
  • Identity and Access Management
  • Disaster Recovery Planning
  • Active Directory Hardening
  • Secure Remote Access
  • DNS over HTTPS
  • Detection of Blockchain-based Infrastructure
  • Awareness of Legitimate Online Service Abuse

Click here to register for the full report.