Nozomi Networks Labs OT & IoT Security Report

Manufacturing was at the highest risk of attacks in the 2nd half of 2024.

Nearly half (48.4%) of observed cyber threat alerts occurred in the Impact phase of the cyber kill chain in the 2nd half of last year.

Among 619 newly published vulnerabilities in the 2nd half of 2024, 71% were classified as critical.

25% of all observed alerts involved Command and Control (C&C) techniques in the 2nd half of last year.

20 vulnerabilities had high Exploit Prediction Scoring System (EPSS) scores, indicating a high likelihood of future exploitation.

Only 6% of over 500,000 wireless networks worldwide are adequately protected against wireless deauthentication attacks.

Manufacturing was followed by Energy, Communications, Transportation and Commercial Facilities in terms of ICS security advisories released by CISA.

In the 2nd half of 2024, critical infrastructure organisations in the United States saw the highest number of attacks.

Critical manufacturing accounted for 75% of all Common Vulnerabilities and Exposures (CVEs) reported by CISA in the past six months.