[YA-14] OT/IoT Malware Surges Tenfold in the First Half of This Year

admin, August 4, 2023, 13:58:41

Malware-related cyber-threats in operational technology (OT) and Internet of Things (IoT) environments jumped tenfold in the first six months of 2023 versus the previous half-year, according to Nozomi Networks.

The security vendor compiled its latest Nozomi Networks Labs OT & IoT Security Report from ICS vulnerabilities, data from IoT honeypots and attack statistics from OT environments.

“Specific to malware, denial-of-service (DoS) activity remains one of the most prevalent attacks against OT systems,” the vendor explained in a blog post announcing the report.

“This is followed by the remote access trojan (RAT) category commonly used by attackers to establish control over compromised machines. Distributed denial of service (DDoS) threats are the top threat in IoT network domains. Malicious IoT botnets remain active this year as threat actors continue to use default credentials in attempts to access chained IoT devices.”

Trojans, “dual use” malware and ransomware were among the most commonly detected alerts across OT and IoT environments, with phishing a common vector for stealing information, establishing initial access and deploying malware, the report continued. New variants of the 2016 Mirai botnet were also uncovered.

Poor authentication and password hygiene topped the list of most prolific threats for the period, despite alerts declining by 22% from the previous six months. However, network anomalies and attacks were up 15%, and access control and authorization threats surged 128%.

The manufacturing, energy, healthcare, water and wastewater sectors were hardest hit, alongside the public sector, Nozomi Networks said.

Water treatment works experienced a large number of generic network scans, while oil and gas facilities suffered OT protocol packet injection attacks, the report added.

The number of OT/IoT vulnerabilities remains high, with 643 published during the six-month period, while Nozomi’s honeypots detected an average of 813 unique attacks daily.

Originally published on the WeChat official account Eonian Sharp: [YA-14] OT/IoT Malware Surges Tenfold in the First Half of This Year
