Nozomi Networks Enters Next Phase of Growth as Mitsubishi Electric Completes Acquisition
Read the News
Academia
Laboratorios
Carreras profesionales
Acceso de socios
Ayuda
INFORME DE SEGURIDAD

OT/IoT Tendencias e información sobre ciberseguridad

2025 2H Review | February 2026
Lea el informe completo

Importante Si es cliente de Nozomi Networks , está cubierto frente a las vulnerabilidades y amenazas de este informe. Asset intelligence y threat intelligence sobre ellos se hornea en nuestra plataforma por el equipo de laboratorios.

Twice a year the Nozomi Networks Labs teams assesses the OT/IoT threat landscape, leveraging a vast network of globally distributed honeypots, wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources. Except for IoT botnet activity captured by our honeypots, all data in this report derives from anonymized telemetry from participating Nozomi Networks customers.

Here are highlights from our latest report, covering the second half of 2025.

Lea el informe completo para obtener más información:

Top techniques, targets and threat actors
The OT/IoT vulnerability landscape
Wireless exposure in industrial environments
IoT botnet activity and trends
Recomendaciones para la defensa en profundidad

 Top Techniques and Targets

  • Adversary-in-the-Middle (aka Man-in-the-Middle, or MiTM) was associated with over one-quarter of all alerts. This technique is generally used to sniff sensitive information, including credentials, which can later be used in other stages of the attack.
  • Transportation and Manufacturing remained the #1 and #2 most targeted sectors for the full calendar year, with Government moving into third place.
  • The UK, Germany and Australia produced the highest number of alerts per organization.

Top Malware 

  • After the universal Trojan and versatile RAT categories, the top detected malware categories ware MINER, WORM and DOWNLOADER.
  • After Generic (54.7%), DoublePulsar was the most detected malware family (20.5%), a reminder of how costly it can be to completely remediate a threat used at scale.
  • Scattered Spider was the most detected threat actor (42.9%), consistent with broader reporting that Scattered Spider remained highly active throughout the year, often leveraging social engineering to gain initial access

Vulnerability Landscape

  • Almost half of the vulnerabilities present in observed environments have a CVSS score of HIGH or CRITICAL.
  • The most commonly observed OT vulnerabilities discovered in 2025 affected Siemens, Rockwell Automation and Schneider Electric devices.
  • CWE-416: Use After Free was the most prevalent category (13.8%). It can lead to crashes, data corruption or attacker-controlled code execution.

Wireless Exposure in Industrial Environments

  • 68% of observed wireless networks still operate without Management Frame Protection (MFP), which provides protection against deauth attacks.
  • Enterprise-grade authentication such as 802.1x is observed in only 0.3% of of detected Wi-Fi networks.
  • 14% of observed networks use open or legacy security modes.

IoT Botnet Activity and Trends

  • A third of all attacks against our honeypots came from China.
  • Botnet activity spiked sharply on September 2, 2025, related to an upgrade of the Mirai clone. In one day we recorded attacks from 1,169 different IP addresses.
  • UPX 3.94 is still the most common packer used by attackers to protect IoT malware, despite the availability of newer versions, perhaps because it’s embedded in their toolchains and works on multiple payloads.

Recomendaciones para la defensa en profundidad

Estas son las medidas específicas que los defensores pueden tomar para eliminar los puntos ciegos OTIoT , maximizar los recursos limitados, aumentar la resiliencia operativa y reducir el riesgo empresarial.

Maintain complete asset and network visibility across OT and IoT as the foundation for effective risk management. Seek to eradicate the visibility gaps observed in credential exposure, wireless activity and botnet propagation highlighted in this report.
Strengthen malware detection and blocking with tools that can inspect industrial protocols, monitor lateral movement and identify malicious payloads.
Leverage AI-driven security systems to detect anomalies and threats and surface the most critical issues, with relevant context and guidance. This can dramatically improve detection accuracy and SOC efficiency.
Detect and monitor wireless threats to identify rogue access points, unauthorized devices and misconfigurations. Wireless exposure repeatedly emerged as a silent enabler across multiple attack stages, making detection a foundational control rather than a niche capability. 
Adopt risk-based vulnerability management that correlates asset criticality, exploitability and operational impact. Prioritize the number of High and Critical vulnerabilities in operational environments.
Enable intelligence sharing — including telemetry sharing — across regions, industries and vendors to improve collective cyber resilience and stay ahead of attackers. Doing so strengthens overall resilience against large-scale or coordinated attacks.

Descargue el informe completo de seguridad OT & IoT

Descargar el informe completo

Suscríbase a

LinkedIn

Demo

PLATAFORMA

PlataformaVantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat IntelligenceSmart PollingIntegracionesPSIRT

Servicios profesionales

Servicios profesionalesIngeniero designadoServicios rápidosServicio de chequeo médicoServicio de optimización

Soluciones: Necesidades de las empresas

Detección y respuesta a amenazasSupervisión continua de la redGestión del inventario de activosGestión de riesgos y vulnerabilidadesIoT SeguridadCiberseguridad de los centros de datos

Soluciones: Conformidad

PIC NERCDirectiva NIS2Directivas de seguridad de la TSA

Soluciones: Industria

AeropuertosServicios eléctricosSanidadGobierno federalFabricaciónMarítimoMineríaPetróleo y gasFarmacéuticaFerrocarrilVenta al por menorCiudades inteligentesAgua y aguas residuales

Aprenda

AcademiaCarreras profesionalesEmpresaHistorias de clientesPóngase en contacto con nosotrosSociosRecursosLaboratoriosLegalCentro de confianza
Logotipo de LinkedIn
© 2026 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.