The latest Nozomi Networks Labs OT & IoT Security Report released today finds Australia the fourth most targeted country. The report assesses the operational technology (OT) and Internet of Things (IoT) threat landscape to provide insights into how industrial organisations and critical infrastructure are being targeted by cyberattacks. Leveraging a vast network of globally distributed honeypots, wireless monitoring sensors, inbound telemetry, partnerships and other resources, the threat intelligence team uncovers trends, novel attack methods and insights.

Australia maintains fourth position

In the last six months, Australia maintained its position as the fourth most targeted country behind Japan, Germany and Brazil. In Australia, the top threats include default credentials and valid accounts attacks, which accounted for 45.6 per cent of all the alerts raised. Adversary-in-the-Middle technique followed as the third most popular threat tactic. This threat is associated with attackers establishing themselves between two communicating entities. In the previous six month period, Network Denial of Service was the most prevalent technique observed in Australia. This now takes fourth place.

In Australia, manufacturing was the most targeted industry during this period, followed by minerals and mining.

Botnet Activity

Australia was not among the top 10 countries for IoT botnet activity. However, Australia is now the 20^th most active country of IoT botnets, moving from 25^th position in the previous six months. This shows an increase in botnet activity and signifies a small deterioration in the situation.

The number of compromised devices in Australia fluctuates throughout the year. Spikes in compromised devices are associated with the increased activity of botnets. In Australia, research showed an increased number of connection attempts on January 17 and 18, associated with an updated Mirai-based botnet.

From the global report

• Botnet attacks originated predominantly from the U.S., which overtook China in the number of compromised devices.
• The cyberworld reflects military conflict. In May and June there was a 133 per cent increase in cyber-attacks coming from six well-known Iranian threat actor groups – primarily targeting U.S. transportation and manufacturing organisations.
• Globally, the top targeted industries included transportation, manufacturing, business services, minerals and mining, and energy, utilities and waste.