A child waves the Ukrainian flag for passing soldiers on the road to Bakhmut on Jan. 13, 2023, in Druzhkivka, Ukraine. (Photo by Spencer Platt/Getty Images)

Nozomi Networks on Wednesday reported that wiper malware, IoT botnet activity, and the Russia-Ukraine war significantly influenced the threat landscape last year.

The company's researchers say they saw hacktivists shift tactics from data theft and DDoS attacks to using more destructive malware with an aim towards destabilizing critical infrastructure to further their political stance in the Russia-Ukraine war.

“Over the past six months, cyberattacks have increased significantly, causing major disruption to industries ranging from transportation to healthcare,” said Roya Gordon, OT/IoT security research evangelist at Nozomi Networks. “Railways, in particular, have been subject to attacks, leading to the implementation of measures designed to protect rail operators and their assets. As cyber threats evolve and intensify, it’s important for organizations to understand how threat actors are targeting OT/IoT and the actions required to defend critical assets from threat actors.”

Bud Broomhead, chief executive officer at Viakoo, said the Nozomi Networks report reflects the reality of how threat actors are leveraging open source software vulnerabilities and have aggressively expanded the IoT/OT attack surface. 

Broomhead said while the number of CVEs released by CISA declined significantly in the second half of 2022 (down 61%) there was an increase in the number of vendors and products impacted: these numbers highlight how open source software vulnerabilities in IoT/OT devices is where organizations need to improve their security posture.

“What was unstated in their report — but clear in the findings — is that organizations are struggling to address the scale issue with IoT/OT devices,” said Broomhead. “For example every organization has password policies, but because of scale and lack of automation many non-IT systems (IoT/OT in particular) are still using default or easily guess passwords.”