Nozomi Networks Enters Next Phase of Growth as Mitsubishi Electric Completes Acquisition
Read the News
アカデミー
ラボ
採用情報
パートナーログイン
サポート
セキュリティレポート

OT / IoTサイバーセキュリティの動向と洞察

2025 2H Review | February 2026
レポート全文を読む(英語)

重要:Nozomi Networks お客様であれば、本レポートに記載されている脆弱性や脅威をカバーすることができます。 Asset intelligenceそして threat intelligenceLabsチームによって弊社のプラットフォームに組み込まれています。

Twice a year the Nozomi Networks Labs teams assesses the OT/IoT threat landscape, leveraging a vast network of globally distributed honeypots, wireless monitoring sensors, inbound telemetry, partnerships, threat intelligence and other resources. Except for IoT botnet activity captured by our honeypots, all data in this report derives from anonymized telemetry from participating Nozomi Networks customers.

Here are highlights from our latest report, covering the second half of 2025.

レポート概要:

Top techniques, targets and threat actors
The OT/IoT vulnerability landscape
Wireless exposure in industrial environments
IoT botnet activity and trends
深層防衛のすすめ

 Top Techniques and Targets

  • Adversary-in-the-Middle (aka Man-in-the-Middle, or MiTM) was associated with over one-quarter of all alerts. This technique is generally used to sniff sensitive information, including credentials, which can later be used in other stages of the attack.
  • Transportation and Manufacturing remained the #1 and #2 most targeted sectors for the full calendar year, with Government moving into third place.
  • The UK, Germany and Australia produced the highest number of alerts per organization.

Top Malware 

  • After the universal Trojan and versatile RAT categories, the top detected malware categories ware MINER, WORM and DOWNLOADER.
  • After Generic (54.7%), DoublePulsar was the most detected malware family (20.5%), a reminder of how costly it can be to completely remediate a threat used at scale.
  • Scattered Spider was the most detected threat actor (42.9%), consistent with broader reporting that Scattered Spider remained highly active throughout the year, often leveraging social engineering to gain initial access

Vulnerability Landscape

  • Almost half of the vulnerabilities present in observed environments have a CVSS score of HIGH or CRITICAL.
  • The most commonly observed OT vulnerabilities discovered in 2025 affected Siemens, Rockwell Automation and Schneider Electric devices.
  • CWE-416: Use After Free was the most prevalent category (13.8%). It can lead to crashes, data corruption or attacker-controlled code execution.

Wireless Exposure in Industrial Environments

  • 68% of observed wireless networks still operate without Management Frame Protection (MFP), which provides protection against deauth attacks.
  • Enterprise-grade authentication such as 802.1x is observed in only 0.3% of of detected Wi-Fi networks.
  • 14% of observed networks use open or legacy security modes.

IoT Botnet Activity and Trends

  • A third of all attacks against our honeypots came from China.
  • Botnet activity spiked sharply on September 2, 2025, related to an upgrade of the Mirai clone. In one day we recorded attacks from 1,169 different IP addresses.
  • UPX 3.94 is still the most common packer used by attackers to protect IoT malware, despite the availability of newer versions, perhaps because it’s embedded in their toolchains and works on multiple payloads.

深層防衛のすすめ

OT/IoT の盲点を取り除き、限られたリソースを最大限に活用し、オペレーションの回復力を高め、ビジネスリスクを低減するために、防衛担当者が取るべき具体的な行動を紹介します。

Maintain complete asset and network visibility across OT and IoT as the foundation for effective risk management. Seek to eradicate the visibility gaps observed in credential exposure, wireless activity and botnet propagation highlighted in this report.
Strengthen malware detection and blocking with tools that can inspect industrial protocols, monitor lateral movement and identify malicious payloads.
Leverage AI-driven security systems to detect anomalies and threats and surface the most critical issues, with relevant context and guidance. This can dramatically improve detection accuracy and SOC efficiency.
Detect and monitor wireless threats to identify rogue access points, unauthorized devices and misconfigurations. Wireless exposure repeatedly emerged as a silent enabler across multiple attack stages, making detection a foundational control rather than a niche capability. 
Adopt risk-based vulnerability management that correlates asset criticality, exploitability and operational impact. Prioritize the number of High and Critical vulnerabilities in operational environments.
Enable intelligence sharing — including telemetry sharing — across regions, industries and vendors to improve collective cyber resilience and stay ahead of attackers. Doing so strengthens overall resilience against large-scale or coordinated attacks.

完全版OT&IoTセキュリティレポートのダウンロード

全レポートのダウンロード(英語)

購読する

LinkedIn

デモを希望

プラットフォーム

プラットフォームの概要VantageCentral Management ConsoleGuardianGuardian AirArcAsset IntelligenceThreat Intelligence (脅威インテリジェンス)スマートポーリングインテグレーションPSIRT

プロフェッショナルサービス

プロフェッショナルサービス指定エンジニアファースト・トラック・サービスヘルスチェック・サービス最適化サービス

ソリューション:ビジネスニーズ

脅威の検知と対応継続的なネットワーク監視資産在庫管理リスクと脆弱性の管理IoT セキュリティデータセンターのサイバーセキュリティ

ソリューション:コンプライアンス

NERC CIPNIS2 指令TSA セキュリティ指令

ソリューション:産業

空港電気事業ヘルスケア連邦政府製造業海事鉱業石油&ガス医薬品鉄道小売スマートシティ上下水道

詳細を見る

アカデミー採用情報会社概要お客様の声お問い合わせパートナーリソースラボ法務トラストセンター
LinkedIn logo
© 2026 Nozomi Networks Inc. All Rights Reserved. Privacy Policy and Certifications. System Status.