Nozomi Networks Enters Next Phase of Growth as Mitsubishi Electric Completes Acquisition
Read the News
Akademie
Laboratorien
Karriere
Partner-Anmeldung
Unterstützung
SICHERHEITSBERICHT

OT/IoT Trends und Einblicke in die Cybersicherheit

2025 2H Review | February 2026
Lesen Sie den vollständigen Bericht

Wichtig! Wenn Sie Kunde von Nozomi Networks sind, sind Sie gegen die in diesem Bericht genannten Schwachstellen und Bedrohungen abgesichert. Asset intelligence und threat intelligence werden vom Labs-Team in unsere Plattform integriert.

Twice a year the Nozomi Networks Labs teams assesses the OT/IoT threat landscape, leveraging a vast network of globally distributed honeypots, wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources. Except for IoT botnet activity captured by our honeypots, all data in this report derives from anonymized telemetry from participating Nozomi Networks customers.

Here are highlights from our latest report, covering the second half of 2025.

Lesen Sie den vollständigen Bericht, um tiefere Einblicke zu erhalten:

Top techniques, targets and threat actors
The OT/IoT vulnerability landscape
Wireless exposure in industrial environments
IoT botnet activity and trends
Empfehlungen für die Verteidigung in der Tiefe

 Top Techniques and Targets

  • Adversary-in-the-Middle (aka Man-in-the-Middle, or MiTM) was associated with over one-quarter of all alerts. This technique is generally used to sniff sensitive information, including credentials, which can later be used in other stages of the attack.
  • Transportation and Manufacturing remained the #1 and #2 most targeted sectors for the full calendar year, with Government moving into third place.
  • The UK, Germany and Australia produced the highest number of alerts per organization.

Top Malware 

  • After the universal Trojan and versatile RAT categories, the top detected malware categories ware MINER, WORM and DOWNLOADER.
  • After Generic (54.7%), DoublePulsar was the most detected malware family (20.5%), a reminder of how costly it can be to completely remediate a threat used at scale.
  • Scattered Spider was the most detected threat actor (42.9%), consistent with broader reporting that Scattered Spider remained highly active throughout the year, often leveraging social engineering to gain initial access

Vulnerability Landscape

  • Almost half of the vulnerabilities present in observed environments have a CVSS score of HIGH or CRITICAL.
  • The most commonly observed OT vulnerabilities discovered in 2025 affected Siemens, Rockwell Automation and Schneider Electric devices.
  • CWE-416: Use After Free was the most prevalent category (13.8%). It can lead to crashes, data corruption or attacker-controlled code execution.

Wireless Exposure in Industrial Environments

  • 68% of observed wireless networks still operate without Management Frame Protection (MFP), which provides protection against deauth attacks.
  • Enterprise-grade authentication such as 802.1x is observed in only 0.3% of of detected Wi-Fi networks.
  • 14% of observed networks use open or legacy security modes.

IoT Botnet Activity and Trends

  • A third of all attacks against our honeypots came from China.
  • Botnet activity spiked sharply on September 2, 2025, related to an upgrade of the Mirai clone. In one day we recorded attacks from 1,169 different IP addresses.
  • UPX 3.94 is still the most common packer used by attackers to protect IoT malware, despite the availability of newer versions, perhaps because it’s embedded in their toolchains and works on multiple payloads.

Empfehlungen für Defense in Depth

Im Folgenden finden Sie konkrete Maßnahmen, die Verteidiger ergreifen können, um blinde Flecken im OTIoT zu beseitigen, begrenzte Ressourcen zu maximieren, die betriebliche Widerstandsfähigkeit zu erhöhen und Geschäftsrisiken zu verringern.

Maintain complete asset and network visibility across OT and IoT as the foundation for effective risk management. Seek to eradicate the visibility gaps observed in credential exposure, wireless activity and botnet propagation highlighted in this report.
Strengthen malware detection and blocking with tools that can inspect industrial protocols, monitor lateral movement and identify malicious payloads.
Leverage AI-driven security systems to detect anomalies and threats and surface the most critical issues, with relevant context and guidance. This can dramatically improve detection accuracy and SOC efficiency.
Detect and monitor wireless threats to identify rogue access points, unauthorized devices and misconfigurations. Wireless exposure repeatedly emerged as a silent enabler across multiple attack stages, making detection a foundational control rather than a niche capability. 
Adopt risk-based vulnerability management that correlates asset criticality, exploitability and operational impact. Prioritize the number of High and Critical vulnerabilities in operational environments.
Enable intelligence sharing — including telemetry sharing — across regions, industries and vendors to improve collective cyber resilience and stay ahead of attackers. Doing so strengthens overall resilience against large-scale or coordinated attacks.

Laden Sie den vollständigen OT & IoT Sicherheitsbericht herunter

Laden Sie den vollständigen Bericht herunter

Abonnieren

LinkedIn

Demo

PLATFORM

Überblick über die PlattformVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntegrationenPSIRT

Professionelle Dienstleistungen

Professionelle DienstleistungenBeauftragter IngenieurFast Track DienstleistungenGesundheitscheck-ServiceOptimierung der Dienstleistung

Lösungen: Geschäftsanforderungen

Erkennung von und Reaktion auf BedrohungenKontinuierliche NetzwerküberwachungVerwaltung des AnlagenbestandsRisiko- und SchwachstellenmanagementIoT SicherheitCybersecurity im Rechenzentrum

Lösungen: Einhaltung der Vorschriften

NERC CIPNIS2-RichtlinieTSA-Sicherheitsrichtlinien

Lösungen: Industrie

FlughäfenStromversorgungsunternehmenGesundheitswesenFöderale RegierungHerstellungMaritimBergbauÖl und GasPharmazeutischeSchieneEinzelhandelIntelligente StädteWasser/Abwasser

Lernen Sie

AkademieKarriereUnternehmenKundengeschichtenKontaktPartnerRessourcenLaboratorienRechtlichesTrust Center
LinkedIn-Logo
© 2026 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.