The latest Nozomi Networks Labs OT & IoT Security Report released today finds healthcare services was the most targeted industry in Australia, followed by manufacturing. During the second half of last year, threat actors increased their usage of generative AI in their activity, and attacks against companies in English-speaking countries are increasing in scale and have a higher likelihood of success. The report also found 70 per cent of global ransomware activity is targeting English-speaking countries, with the US, UK, and Canada the three most targeted countries. Alarmingly, these countries account for nearly 30 per cent of the world’s GDP, meaning attackers have the potential for massive macroeconomic disruption from successful attacks.
Read the Report: OT/IoT Cybersecurity Trends and Insights, February 2026.
Other key findings from this latest report include:
Australia Among Countries with the Highest Number of Alerts per Organisation
In the second half of 2025, Australia produced the third highest number of alerts per organisation, increasing from fourth position in the first half of the year. The UK had the highest number of alerts per organisation, with Germany in second. Australia has consistently ranked among the most targeted countries, and its continued upward movement indicates sustained attacker focus and a pressing need to keep environments secure and operational.
Default Credentials Persist as Australia’s Top Threat Technique
Default Credentials and Valid Accounts attacks dominate in Australia, accounting for over one third of all alerts raised. Remote System Discovery and Network Service Scanning techniques followed, associated with attackers exploring the victims’ environments. In the previous 6-month period, the most prevalent threats affecting the region were also Default Credentials and Valid Accounts, signifying the continuous interest from attackers in these techniques.
Wireless Networks Continue to Pose a Severe Security Threat
Wireless communications are increasingly present in industrial and critical infrastructure environments, often without formal design or attention to security, and sometimes completely unknown to the operators. Nozomi’s report found that 68 per cent of observed wireless networks still operate without Management Frame Protection (MFP) despite using modern encryption, and only 2 per cent of organisations use enterprise-grade authentication, such as 802.1X. Additionally, approximately 98 per cent of observed wireless networks rely exclusively on Pre-Shared Key (PSK)–based authentication, making it by far the dominant model in operational environments. This is a particular concern as shared credentials remove accountability and enable long-term reuse, making it hard to distinguish legitimate access from misuse once exposed. While the PSK security model works well for coffee shops and guest Wi-Fi, it is not suitable for industrial enterprises.
Healthcare Was Australia’s Most Targeted Industry, While Transportation Topped Global Findings
In both halves of 2025, the transportation industry was the most targeted industry globally, and in the second half of 2025 was followed by manufacturing and the public sector. In Australia, healthcare services was the most targeted industry, followed by manufacturing. Notably, attacks against the public sector spiked between the first and second halves of 2025, due in large part to growing geopolitical tensions leading to a rise in nation-state activity and hacktivism. Unique to the public sector, Discovery tactics were the most commonly detected, most likely due to many threat actors still exploring the environments they intend to attack.
Scattered Spider Activity Accounts for Nearly Half of Attacks
Following a very active period in the Summer of 2025, Scattered Spider accounted for 42.9 per cent of all actor-related alerts in the second half of the year. Kimsuky (out of North Korea), APT29 (out of Russia), CURIUM (out of Iran), and Mustard Tempest (no nation-state affiliation) were the second through fifth most active groups, respectively. Based on these findings and given current geopolitical tensions, Nozomi expects activity related to China, Iran, and Russia to be dominant trends to monitor for in 2026.
Security Insights and Recommendations to Protect Critical Infrastructure
“Critical infrastructure has never faced a more dangerous threat landscape, and the scale and severity of attacks against it will only increase,” said Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks. “It is imperative for operators to understand the current threat landscape and prepare their systems accordingly. They must establish clear asset visibility, leverage AI-driven security systems to detect anomalies and threats, prioritise risk-based vulnerability management, and enable intelligence sharing to keep up with evolving tactics.”
Nozomi Networks Labs’ “OT/IoT Cybersecurity Trends and Insights” report provides security professionals with updated information to re-evaluate risk models and security initiatives, along with recommendations for securing critical infrastructure.




