A recent report from Nozomi Networks Labs, based on an analysis of over 500,000 wireless networks worldwide, reveals that only 6% are adequately protected against wireless deauthentication attacks.
Most wireless networks, including those in mission-critical environments, remain highly exposed to these attacks. In healthcare, for example, vulnerabilities in wireless networks could lead to unauthorized access to patient data or interference with critical systems. Similarly, in industrial environments, these attacks could disrupt automated processes, halt production lines, or create safety hazards for workers.
Key threats to industrial wireless environments
- Deauthentication attacks abuse a built-in Wi-Fi mechanism, the management frames that stations and access points exchange, to forcibly disconnect devices from the network. On networks that do not use IEEE 802.11w Protected Management Frames (PMF), these frames carry no authentication, so anyone in radio range can transmit deauthentication frames that spoof the access point's address (or a client's) and sever the connection; the client drops its association and normally reconnects at once, which is why an attacker can keep a device offline simply by repeating the frames. The disconnection itself disrupts operations, and combined with other malicious actions (pushing clients toward a rogue AP, or capturing the WPA2 handshake when they reconnect) it can lead to data interception and unauthorized access. PMF, mandatory in WPA3 and available on WPA2 networks, is the standard countermeasure: it lets clients detect and discard forged deauthentication and disassociation frames.
- Rogue Access Points (APs) are unauthorized devices set up by attackers to mimic legitimate networks. These deceptive APs trick devices into connecting, exposing data and creating an entry point for cyber threats.
- Eavesdropping occurs when unencrypted wireless communications are intercepted, allowing attackers to steal credentials, access sensitive data, or monitor operations. This threat is particularly prevalent on unsecured public Wi-Fi networks, such as those in airports and hotels.
- Jamming attacks involve malicious actors flooding wireless channels with interference, disrupting communications and causing downtime or operational inefficiencies. These attacks can cripple industrial processes reliant on real-time connectivity.
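As an added example (not code from the Nozomi report or from this page), the following Python script shows the two practical sides of the deauthentication bullet above: checking whether an access point advertises 802.11w PMF by decoding the RSN information element from its beacon, and flagging a deauthentication flood in a stream of management-frame records. The beacon bytes and deauth records are constructed for the example; in practice they would come from a monitor-mode capture (for instance via Scapy or tshark), which the example leaves out. The SSID, MAC addresses and thresholds are assumptions, not values from the report.

```python
from collections import deque

# Added example with constructed input; not code from the Nozomi report.
RSN_IE_ID = 48                  # element ID of the RSN information element
MFPR_BIT = 1 << 6               # RSN Capabilities bit 6: Management Frame Protection Required
MFPC_BIT = 1 << 7               # RSN Capabilities bit 7: Management Frame Protection Capable
BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse_ies(tagged: bytes) -> list[tuple[int, bytes]]:
    """Split a beacon's tagged parameters (bytes after the 12 fixed
    timestamp/interval/capability bytes) into (element id, value) pairs."""
    ies, off = [], 0
    while off + 2 <= len(tagged):
        eid, length = tagged[off], tagged[off + 1]
        value = tagged[off + 2:off + 2 + length]
        if len(value) != length:    # truncated capture: stop rather than misparse
            break
        ies.append((eid, value))
        off += 2 + length
    return ies

def rsn_capabilities(rsn: bytes) -> int:
    """16-bit RSN Capabilities field of an RSN IE body; the field is optional
    and the standard treats an absent one as all zero (no PMF)."""
    u16 = lambda off: int.from_bytes(rsn[off:off + 2], "little")
    if len(rsn) < 6 or u16(0) != 1:
        raise ValueError("not an RSN version 1 element")
    off = 6                         # past version (2) and group cipher suite (4)
    for _ in range(2):              # pairwise cipher suite list, then AKM suite list
        if off + 2 > len(rsn):
            return 0                # list absent, so every later field is absent too
        off += 2 + 4 * u16(off)     # 2-byte count, then 4-byte suite selectors
        if off > len(rsn):
            raise ValueError("suite list runs past end of element")
    return u16(off) if off + 2 <= len(rsn) else 0

def pmf_mode(caps: int) -> str:
    mfpc, mfpr = bool(caps & MFPC_BIT), bool(caps & MFPR_BIT)
    if mfpc and mfpr:
        return "required"           # every client must protect management frames
    if mfpc:
        return "optional"           # only clients that negotiate PMF are protected
    if mfpr:
        return "invalid"            # MFPR without MFPC is not a legal advertisement
    return "disabled"               # forged deauth frames are accepted as genuine

def beacon_pmf(tagged: bytes) -> tuple[str, str]:
    """(SSID, PMF mode) for one beacon; 'none' when there is no RSN IE at all
    (open or WPA1-only network, where PMF cannot be negotiated)."""
    ssid, mode = "", "none"
    for eid, value in parse_ies(tagged):
        if eid == 0:
            ssid = value.decode("utf-8", "replace")
        elif eid == RSN_IE_ID:
            mode = pmf_mode(rsn_capabilities(value))
    return ssid, mode

def deauth_floods(frames, window=1.0, threshold=10):
    """frames: (timestamp_s, bssid, dst_mac, reason_code) for each deauth or
    disassoc frame seen on the air.  Flags a BSSID once per burst when
    `threshold` frames fall inside a sliding `window` seconds; a healthy AP
    sends a handful of unicast deauths an hour, not dozens per second."""
    recent: dict[str, deque] = {}
    in_burst: set[str] = set()
    alerts = []
    for ts, bssid, dst, reason in sorted(frames):
        q = recent.setdefault(bssid, deque())
        q.append((ts, dst, reason))
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) < threshold:
            in_burst.discard(bssid)
        elif bssid not in in_burst:
            in_burst.add(bssid)
            alerts.append({"bssid": bssid, "at": ts, "count": len(q),
                           "broadcast": any(d == BROADCAST for _, d, _ in q),
                           "reasons": sorted({r for _, _, r in q})})
    return alerts

# Constructed sample input (not captured from any real network).
def _ie(eid: int, value: bytes) -> bytes:
    return bytes([eid, len(value)]) + value

_PSK = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02")  # v1, CCMP, CCMP, PSK
_SAE = bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac08")  # v1, CCMP, CCMP, SAE
LEGACY_BEACON = _ie(0, b"plant-scada") + _ie(RSN_IE_ID, _PSK + b"\x0c\x00")  # caps 0x000c
MIXED_BEACON = _ie(0, b"plant-scada") + _ie(RSN_IE_ID, _PSK + b"\x80\x00")   # caps 0x0080
WPA3_BEACON = _ie(0, b"plant-scada") + _ie(RSN_IE_ID, _SAE + b"\xc0\x00")    # caps 0x00c0
OPEN_BEACON = _ie(0, b"guest")                                               # no RSN IE

AP = "00:11:22:33:44:55"
SAMPLE_DEAUTHS = [(0.0, AP, "66:77:88:99:aa:01", 3),   # normal: station left the network
                  (20.0, AP, "66:77:88:99:aa:02", 7),  # normal: class 3 frame from non-associated STA
                  (45.0, AP, "66:77:88:99:aa:03", 3)]
SAMPLE_DEAUTHS += [(60.0 + i * 0.02, AP, BROADCAST, 7) for i in range(25)]  # spoofed flood

if __name__ == "__main__":
    print([beacon_pmf(b) for b in (LEGACY_BEACON, MIXED_BEACON, WPA3_BEACON, OPEN_BEACON)])
    print(deauth_floods(SAMPLE_DEAUTHS))
```

The three occasional unicast deauths in the sample are what a normal AP produces and raise nothing; the spoofed burst trips the detector on its tenth frame (the alert records the count at that moment, not the full burst length) and is marked as broadcast, which a genuine AP almost never sends in volume. Only "required" PMF closes the attack for every client; "optional" leaves any client that did not negotiate it exposed, and "disabled" or "none" is the state the report describes for the large majority of networks.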
Cyber threat activity
According to the report, in the second half of 2024, 48.4% of the cyber threat alerts observed occurred in the impact phase of the cyber kill chain. This held across industries, particularly manufacturing, transportation, energy, utilities, and water/wastewater. Command and Control (C&C) techniques followed (25% of all observed alerts). The Labs' findings demonstrate the presence of adversaries within critical infrastructure systems and their intent to persist and maintain control over access.
Vulnerability insights
Researchers also found that of the 619 vulnerabilities newly published in the second half of 2024, 71% were classified as critical. Additionally, 20 have high Exploit Prediction Scoring System (EPSS) scores, indicating a high probability of exploitation in the near term, and four are already listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning exploitation in the wild has been observed. With most of the 619 rated critical, severity alone does not yield a workable patch order; these findings point to organizations addressing KEV-listed and high-EPSS vulnerabilities first and mitigating the rest of the critical set behind them.
Top 10 most common MITRE ATT&CK techniques associated with raised alerts (Source: Nozomi Networks)
Additionally, of all ICS security advisories released by CISA over the past six months, critical manufacturing topped the list, accounting for 75% of all Common Vulnerabilities and Exposures (CVEs) reported in that period. Manufacturing was followed by energy, communications, transportation, and commercial facilities.
“Cyberattacks on the world’s critical infrastructure are on the rise,” said Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks. “The systems we design and defend must not only withstand a barrage of threats but also balance the need to operate safely at scale, where human lives are at stake. By understanding these threats and leveraging insights, we can defend our critical infrastructure systems to ensure resilience, safety, and operational continuity.”