Cybersecurity company Nozomi Networks has released its latest OT and IoT security report, OT/IoT Cybersecurity Trends and Insights, February 2025. It reveals that wireless networks remain woefully unprotected as threat actors continue to gain deep access to critical infrastructure. In the second half of 2024, critical infrastructure organisations in the US saw the highest number of attacks, with manufacturing at the highest risk.
In the last six months, Australia, previously not featured in the top five most attacked countries, rose to fourth position behind the United States, Sweden and Germany. Australia reported the fourth-highest number of alerts per customer operating system, reflecting an increase in attacks attempting to gain access to Australian critical infrastructure industries.
The top five most targeted sectors include critical manufacturing, energy, communications, transportation systems and commercial facilities. In Australia, the most common types of attacks are network denial of service (23.38%), network service scanning (21.1%), remote system discovery (21.1%), adversary-in-the-middle (20.05%), and brute force (4.99%). These use impact, discovery, credential access and collection tactics.
In the latest Nozomi Networks Labs report, an analysis of more than 500,000 wireless networks worldwide found only 6% are adequately protected against wireless de-authentication attacks. This means most wireless networks, including those in mission-critical environments, remain highly exposed. In healthcare, for example, vulnerabilities in wireless networks could lead to unauthorised access to patient data or interference with critical systems. Similarly, in industrial environments, these attacks could disrupt automated processes, halt production lines, or create safety hazards for workers.
According to the report, In the second half of last year, 48.4% of the observed cyber threat alerts occur in the impact phase of the cyber kill chain. This was true across various industries, particularly in manufacturing, transportation, energy, utilities, and water/wastewater. Command and control techniques followed closely (25% of all observed alerts). The Labs’ findings demonstrate the presence of adversaries deep within critical infrastructure systems and their intent to persist and maintain control over access.
Researchers also discovered that among 619 newly published vulnerabilities in the second half of 2024, 71% are classified as critical. Additionally, 20 vulnerabilities have high exploit prediction scoring system scores, indicating a high likelihood of future exploitation. Furthermore, four vulnerabilities have already been observed being actively exploited in the wild. These findings point to an urgent need for organisations to promptly address and mitigate the most critical and dangerous vulnerabilities.
Additionally, of all ICS security advisories released by CISA over the past six months, critical manufacturing topped the list, accounting for 75% of all common vulnerabilities and exposures reported in the past six months. Manufacturing was followed by energy, communications, transportation and commercial facilities.
“Cyberattacks on the world’s critical infrastructure are on the rise,” said Nozomi Networks Director Chris Grove. “The systems we design and defend must not only withstand a barrage of threats in today’s multipolar world but also balance the need to operate safely at scale, where human lives are at stake.”
“By understanding these evolving threats and leveraging actionable insights, we can defend our critical infrastructure systems to ensure resilience, safety and operational continuity in an increasingly uncertain world.”
You can read the full report here.
