SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
DDoS
#
IoT Security
Hacktivists used more destructive malware in 2022 - report
Thu, 19th Jan 2023
FYI, this story is more than a year old
Author image
By Zach Thompson, News Editor
Follow us

New research from Nozomi Networks has found hacktivists shifted their tactics in 2022 from data theft and Distributed Denial of Service (DDoS) attacks to using more destructive malware.

This was done in an attempt to destabilise critical infrastructure to further hacktivists' political stance in the Russia/Ukraine war.

Additional findings from Nozomi Networks' OT/IoT Security Report: A Deep Look into the ICS Threat Landscape include that wiper malware and IoT botnet activity also significantly influenced the 2022 threat landscape.

Nozomi Networks Labs researchers first picked up on hacktivists shifting their tactics in the first half of 2022 and note that it only gained momentum in the second half.

"Over the past six months, cyberattacks have increased significantly, causing major disruption to industries ranging from transportation to healthcare," says Roya Gordon, OT/IoT Security Research Evangelist, Nozomi Networks.

"Railways, in particular, have been subject to attacks, leading to the implementation of measures designed to protect rail operators and their assets.

"As cyber threats evolve and intensify, it is important for organisations to understand how threat actors are targeting OT/IoT and the actions required to defend critical assets from threat actors."

The company's latest OT/IoT security report also analysed customers' intrusion alerts covering the previous six months, finding weak/cleartext passwords and weak encryption were the top access threats to critical infrastructure environments.

Brute force and DDoS attempts followed this, with Nozomi Networks Labs detecting Trojans as the most common malware targeting enterprise IT networks.

Further, Remote Access Tools (RATs) topped the malware targeting OT and DDoS malware targeted IoT devices.

Malicious IoT botnet activity remained high and continued to increase in the second half of 2022, with researchers finding growing security concerns as botnets continue to use default credentials in an attempt to access IoT Devices.

From July to December 2022, Nozomi Networks honeypots found:

  • Attacks peaked in July, October and December, with more than 5,000 unique attacks each month.
  • The top attacker IP addresses were associated with China, the United States, South Korea and Taiwan.
  • "root" and "admin" credentials are still the most common method threat actors use to gain initial access and escalate privileges once in the network.
  • Regarding vulnerabilities, manufacturing and energy remain the most vulnerable industries, with water/wastewater, healthcare and transportation systems following.

In the last six months of 2022:

  • CISA released 218 Common Vulnerabilities and Exposures (CVEs) – 61% fewer than in the first half of the year
  • 70 vendors were impacted – up 16% from the previous reporting period
  • Affected products were also up 6% from the first half of 2022

Nozomi Networks' latest report offers security professionals the latest insights they need to re-evaluate risk models and security initiatives, along with actionable recommendations for securing critical infrastructure.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Keeper Security launches user-friendly passphrase generator
Axis unveils hybrid cloud platform for adaptable security solutions
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models