cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cyber attacker ‘traps’ uncover threat activity impact after Russia’s invasion of Ukraine

Nozomi Networks researchers have found that wiper malware, IoT botnet activity, and Russia’s invasion of Ukraine have impacted the cyber threat landscape heavily in the first half of 2022.

user iconReporter
Wed, 03 Aug 2022
Cyber attacker ‘traps’ uncover threat activity impact after Russia’s invasion of Ukraine
expand image

Data from Nozomi Network's latest operational technology (OT)/IoT security report has shown that the cyber threat landscape saw activity from several types of threat actors, including hacktivists, nation-state advanced persistent threats (APTs), and cyber criminals since Russia began its invasion of Ukraine in February 2022.

According to Roya Gordon, Nozomi Networks' OT/IoT security research evangelist, this year's cyber threat landscape is complex.

"Many factors including increasing numbers of connected devices, the sophistication of malicious actors, and shifts in attack motivations are increasing the risk for a breach or cyber physical attack," Gordon said.


Nozomi Networks researchers also observed the robust usage of wiper malware and witnessed the emergence of an Industroyer malware variant, which was used in the cyber attack on Ukraine’s power grid. Dubbed Industroyer2, the malware was developed to misuse the IEC-104 protocol, which is commonly used in industrial environments.

During the first half of 2022, malicious IoT botnet activity was also on the rise and growing in sophistication.

Nozomi Networks researchers have set up a series of honey pots to attract these malicious botnets aiming to capture their activity in order to provide additional insights into how threat actors target IoT. Through this research model, Nozomi Networks researchers uncovered growing security concerns for both hard-coded passwords and internet interfaces for end-user credentials.

From January to June 2022, Nozomi Networks honey pots found:

  • March was the most active month with close to 5,000 unique attacker IP addresses collected.
  • The top attacker IP addresses were associated with China and the United States.
  • "Root" and "Admin" credentials were most often targeted and used in multiple variations as a way for threat actors to access all system commands and user accounts.

Manufacturing and energy continue to be the most vulnerable industries according to Nozomi Networks researchers, followed by healthcare and commercial facilities.

During the first six months of 2022:

  • CISA released 560 common vulnerabilities and exposures (CVEs) – down 14 per cent from the second half of 2021.
  • The number of impacted vendors went up 27 per cent.
  • Affected products were also up 19 per cent from the second half of 2021.

As the cyber threats continue to develop, Gordon notes that fortunately, security defences are evolving too.

"Solutions are available now to give critical infrastructure organisations the network visibility, dynamic threat detection, and actionable intelligence they need to minimise risk and maximise resilience," Gordon concluded.

[Related: North Korean hackers stealing email content via malicious ‘SharpTongue’ browser extension]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.