Cengiz Özemli
Akademisyen
- Thread Author
- #1
According to the latest Nozomi Networks Labs report, 70% of global ransomware attacks are focused on English-speaking countries. In the second half of last year, 40% of attacks targeted US-based companies, while Canada and the UK accounted for a combined 30% of attacks.
Attacks on companies in these countries increase the scale of the threat, thereby raising the probability of success. As these three countries constitute approximately 30% of the global economy, these attacks pose a significant macroeconomic risk.
### Wireless Networks Still a Major Security Risk
Wireless communication is increasingly prevalent in industrial and critical infrastructure environments but is often used without security considerations or without operators' awareness. The report reveals that 68% of observed wireless networks operate without Management Frame Protection (MFP), despite using modern encryption.
Only 2% use enterprise-level authentication like 802.1X. Approximately 98% rely entirely on Pre-Shared Key (PSK)-based authentication. This makes long-term misuse and accountability tracking difficult and is not considered appropriate for industrial environments.
### Transportation Sector Most Targeted in 2025, Public Sector Attacks on the Rise
The transportation sector was the most attacked sector in both halves of 2025, with manufacturing and the public sector ranking second in the latter half. Public sector attacks increased significantly, particularly due to rising geopolitical tensions, state-sponsored attacks, and hacktivism.
Reconnaissance attacks were the most common type in the public sector, indicating that attackers do not yet fully understand the target environments.
### Scattered Spider Group Carries Out Nearly Half of Attacks
Scattered Spider, highly active in the summer of 2025, accounted for 42.9% of all actor-related alerts in the second half of the year. It was followed by North Korea-linked Kimsuky, Russia-linked APT29, Iran-linked CURIUM, and the non-nationalist Mustard Tempest.
Given current geopolitical tensions, activities linked to China, Iran, and Russia are expected to remain significant trends in 2026.
### Recommendations for Critical Infrastructure Security
Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, stated that critical infrastructures face an unprecedented threat landscape. Operators must understand current threats, ensure clear asset visibility, detect anomalies with AI-powered security systems, perform risk-based vulnerability management, and adapt to changes in tactics by increasing intelligence sharing.
Nozomi Networks Labs' "OT/IoT Cybersecurity Trends and Insights" report provides up-to-date recommendations and risk assessments for security professionals to protect critical infrastructures.
