Nozomi Networks Enters Next Phase of Growth as Mitsubishi Electric Completes Acquisition
Read the News
Académie
Laboratoires
Carrières
Connexion des partenaires
Soutien
RAPPORT DE SÉCURITÉ

OT/IoT Tendances et perspectives en matière de cybersécurité

2025 2H Review | February 2026
Lire le rapport complet

Important ! Si vous êtes un client de Nozomi Networks , vous êtes couvert pour les vulnérabilités et les menaces contenues dans ce rapport. Asset intelligence et threat intelligence sont intégrées à notre plateforme par l'équipe Labs.

Twice a year the Nozomi Networks Labs teams assesses the OT/IoT threat landscape, leveraging a vast network of globally distributed honeypots, wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources. Except for IoT botnet activity captured by our honeypots, all data in this report derives from anonymized telemetry from participating Nozomi Networks customers.

Here are highlights from our latest report, covering the second half of 2025.

Lisez le rapport complet pour obtenir des informations plus approfondies :

Top techniques, targets and threat actors
The OT/IoT vulnerability landscape
Wireless exposure in industrial environments
IoT botnet activity and trends
Recommandations pour la défense en profondeur

 Top Techniques and Targets

  • Adversary-in-the-Middle (aka Man-in-the-Middle, or MiTM) was associated with over one-quarter of all alerts. This technique is generally used to sniff sensitive information, including credentials, which can later be used in other stages of the attack.
  • Transportation and Manufacturing remained the #1 and #2 most targeted sectors for the full calendar year, with Government moving into third place.
  • The UK, Germany and Australia produced the highest number of alerts per organization.

Top Malware 

  • After the universal Trojan and versatile RAT categories, the top detected malware categories ware MINER, WORM and DOWNLOADER.
  • After Generic (54.7%), DoublePulsar was the most detected malware family (20.5%), a reminder of how costly it can be to completely remediate a threat used at scale.
  • Scattered Spider was the most detected threat actor (42.9%), consistent with broader reporting that Scattered Spider remained highly active throughout the year, often leveraging social engineering to gain initial access

Vulnerability Landscape

  • Almost half of the vulnerabilities present in observed environments have a CVSS score of HIGH or CRITICAL.
  • The most commonly observed OT vulnerabilities discovered in 2025 affected Siemens, Rockwell Automation and Schneider Electric devices.
  • CWE-416: Use After Free was the most prevalent category (13.8%). It can lead to crashes, data corruption or attacker-controlled code execution.

Wireless Exposure in Industrial Environments

  • 68% of observed wireless networks still operate without Management Frame Protection (MFP), which provides protection against deauth attacks.
  • Enterprise-grade authentication such as 802.1x is observed in only 0.3% of of detected Wi-Fi networks.
  • 14% of observed networks use open or legacy security modes.

IoT Botnet Activity and Trends

  • A third of all attacks against our honeypots came from China.
  • Botnet activity spiked sharply on September 2, 2025, related to an upgrade of the Mirai clone. In one day we recorded attacks from 1,169 different IP addresses.
  • UPX 3.94 is still the most common packer used by attackers to protect IoT malware, despite the availability of newer versions, perhaps because it’s embedded in their toolchains and works on multiple payloads.

Recommandations pour la défense en profondeur

Voici des mesures spécifiques que les défenseurs peuvent prendre pour éliminer les angles morts IoT , maximiser les ressources limitées, accroître la résilience opérationnelle et réduire les risques commerciaux.

Maintain complete asset and network visibility across OT and IoT as the foundation for effective risk management. Seek to eradicate the visibility gaps observed in credential exposure, wireless activity and botnet propagation highlighted in this report.
Strengthen malware detection and blocking with tools that can inspect industrial protocols, monitor lateral movement and identify malicious payloads.
Leverage AI-driven security systems to detect anomalies and threats and surface the most critical issues, with relevant context and guidance. This can dramatically improve detection accuracy and SOC efficiency.
Detect and monitor wireless threats to identify rogue access points, unauthorized devices and misconfigurations. Wireless exposure repeatedly emerged as a silent enabler across multiple attack stages, making detection a foundational control rather than a niche capability. 
Adopt risk-based vulnerability management that correlates asset criticality, exploitability and operational impact. Prioritize the number of High and Critical vulnerabilities in operational environments.
Enable intelligence sharing — including telemetry sharing — across regions, industries and vendors to improve collective cyber resilience and stay ahead of attackers. Doing so strengthens overall resilience against large-scale or coordinated attacks.

Télécharger le rapport complet sur la sécurité OT et IoT

Télécharger le rapport complet

S'abonner

LinkedIn

Démonstration

PLATEFORME

Aperçu de la plate-formeVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntégrationsPSIRT

Services professionnels

Services professionnelsIngénieur désignéServices Fast TrackService de bilan de santéService d'optimisation

Solutions : Besoins des entreprises

Détection et réponse aux menacesSurveillance continue du réseauGestion de l'inventaire des actifsGestion des risques et des vulnérabilitésIoT SécuritéCybersécurité des centres de données

Solutions : Conformité

NERC CIPDirective NIS2Directives de sécurité de la TSA

Solutions : Industrie

AéroportsServices d'électricitéSoins de santéGouvernement fédéralFabricationMaritimeExploitation minièrePétrole et gazPharmaceutiqueRailVente au détailVilles intelligentesEau et eaux usées

Apprendre

AcadémieCarrièresEntrepriseTémoignages de clientsNous contacterPartenairesRessourcesLaboratoiresJuridiqueCentre fiduciaire
Logo LinkedIn
© 2026 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.