Critical infrastructure attacks were analyzed in a recent report by Forescout Research. The report found more than 420 million attacks between January and December 2023. That is 13 attacks per second, a 30% increase from 2022
Exploits against software libraries are witnessing a decline due to the waning popularity of Log4j exploits, according to the report. This lull has given rise to a surge in exploits targeting network infrastructure and Internet of Things (IoT) devices. Among the IoT landscape, the spotlight falls on IP cameras, building automation systems and network-attached storage, emerging as the most sought-after targets for malicious actors.
According to the report, operational technology (OT) finds itself under relentless assault, with five key protocols bearing the brunt of persistent attacks. The primary targets include protocols used in industrial automation and power sectors, such as Modbus, subject to a staggering one-third of all attacks, closely followed by Ethernet/IP, Step7, and DNP3, each accounting for approximately 18% of the onslaught. IEC10X rounds out this list with 10% of attacks, leaving the remaining 2% distributed among various protocols, with BACnet emerging as the majority.