
News brief: Rising OT threats put critical infrastructure at risk
Check out the latest security news from the Informa TechTarget team.
One of the most notorious ransomware incidents in history happened in May 2021, when malicious hackers held the Colonial Pipeline hostage, causing gas shortages and widespread panic. The high-profile incident underscored the vulnerability of U.S. critical infrastructure and operational technology (OT) to cyberattacks.
Today, OT -- which we rely on for water, transportation, food, electricity and more -- faces escalating threats. According to recent research from Fortinet, 82% of organizations saw intrusions affect their OT systems in the past year, an increase from 73% in 2024 and 49% in 2023.
This week's featured articles explore the global financial stakes of OT security, vulnerabilities opening critical infrastructure to attack and new guidance from the federal government for securing OT assets.
OT cyber threats put more than $300B at risk annually
Catastrophic cybersecurity events involving OT have the potential to cost nearly $330 billion in a single year, according to a new report by security vendor Dragos and risk services firm Marsh McLennan, with business interruption accounting for $172 billion of those losses. The researchers said there is a 0.4% likelihood of such a scenario unfolding in 2026.
In contrast, the average annual global risk is $12.7 billion, while the 12-month aggregated risk is $31 billion.
According to Dragos researchers, many companies underestimate the risk that OT disruptions pose to business continuity. As a result, they focus their cybersecurity budgets primarily on IT rather than OT.
The report suggested reducing OT risk with the following strategies:
- Maintain comprehensive incident response plans.
- Use defensible architecture.
- Perform continuous monitoring.
OT networks under active attack due to critical RCE flaw
Attackers are exploiting a critical remote code execution (RCE) vulnerability in the Erlang programming language's Open Telecom Platform, widely used in OT networks and critical infrastructure. The flaw enables unauthenticated users to execute commands through SSH connection protocol messages that should be processed only after authentication.
Researchers from Palo Alto Networks' Unit 42 said they have observed more than 3,300 exploitation attempts since May 1, with about 70% targeting OT networks across healthcare, agriculture, media and high-tech sectors.
Experts urged affected organizations to patch immediately, calling it a top priority for any security team defending an OT network. The flaw, which has a CVSS score of 10, could enable an attacker to gain full control over a system and disrupt connected systems -- particularly worrisome in critical infrastructure.
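The flaw described above comes down to a message-gating mistake: connection-protocol messages were acted on without first checking whether the peer had authenticated. The model below is an added illustration, not Erlang/OTP's SSH implementation; it shows the vulnerable dispatch shape beside a hardened one that gates on session state before looking at message type. Message numbers are from RFC 4250/4253/4254; the session object, the credential and the client message sequences are constructed for the example.

```python
"""Simplified model of pre-authentication message gating in an SSH server.
Added illustration, not Erlang/OTP's code. The vulnerable dispatcher routes
every message straight to its type handler; the hardened one tears the
session down if a connection-protocol message arrives before authentication."""
from dataclasses import dataclass, field

SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98               # carries "exec", "shell", "subsystem" ...
CONNECTION_PROTOCOL_MSGS = range(80, 128)  # RFC 4250 reserves 80-127 for the connection protocol

EXPECTED_PASSWORD = "correct-horse"        # constructed; stands in for the real credential check


@dataclass
class Session:
    authenticated: bool = False
    disconnected: bool = False
    channels: list = field(default_factory=list)
    executed: list = field(default_factory=list)  # commands the server would have run
    sent: list = field(default_factory=list)      # message numbers sent back to the client


def _handle(session, msg_type, payload):
    """Shared per-message logic, keyed on message type only."""
    if msg_type == SSH_MSG_USERAUTH_REQUEST:
        if payload.get("password") == EXPECTED_PASSWORD:
            session.authenticated = True
            session.sent.append(SSH_MSG_USERAUTH_SUCCESS)
        else:
            session.sent.append(SSH_MSG_USERAUTH_FAILURE)
    elif msg_type == SSH_MSG_CHANNEL_OPEN:
        session.channels.append(payload.get("channel", 0))
    elif msg_type == SSH_MSG_CHANNEL_REQUEST and payload.get("request") == "exec":
        session.executed.append(payload["command"])
    return session


def vulnerable_dispatch(session, msg_type, payload):
    """Flawed shape: no state check, so an exec request is honoured even though
    USERAUTH_SUCCESS was never sent."""
    return _handle(session, msg_type, payload)


def hardened_dispatch(session, msg_type, payload):
    """State first, type second: before authentication any connection-protocol
    message is a protocol violation and the session ends."""
    if session.disconnected:
        return session
    if not session.authenticated and msg_type in CONNECTION_PROTOCOL_MSGS:
        session.disconnected = True
        return session
    return _handle(session, msg_type, payload)


def replay(dispatch, messages):
    """Feed a constructed client message sequence through a dispatcher."""
    session = Session()
    for msg_type, payload in messages:
        dispatch(session, msg_type, payload)
    return session


# Constructed sequences: a client that never authenticates, and one that does.
EXEC_WITHOUT_AUTH = [
    (SSH_MSG_CHANNEL_OPEN, {"channel": 0}),
    (SSH_MSG_CHANNEL_REQUEST, {"channel": 0, "request": "exec", "command": "uptime"}),
]
EXEC_AFTER_AUTH = [(SSH_MSG_USERAUTH_REQUEST, {"user": "ops", "password": EXPECTED_PASSWORD})] + EXEC_WITHOUT_AUTH

if __name__ == "__main__":
    print("vulnerable, no auth:  ", replay(vulnerable_dispatch, EXEC_WITHOUT_AUTH).executed)
    print("hardened, no auth:    ", replay(hardened_dispatch, EXEC_WITHOUT_AUTH).executed)
    print("hardened, after auth: ", replay(hardened_dispatch, EXEC_AFTER_AUTH).executed)
```

The point for defenders is the ordering: authentication state is checked before the message type is even consulted, and a violation closes the session rather than being silently ignored, which also gives you a loggable event to alert on.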
Read the full story by Elizabeth Montalbano on Dark Reading.
Attackers use Citrix NetScaler flaws to penetrate critical infrastructure
Dutch authorities have reported successful cyberattacks against critical infrastructure organizations using vulnerabilities in Citrix NetScaler products. The attacks began in May, predating Citrix's June disclosure of two critical flaws. The sophisticated attackers reportedly concealed their activities by erasing evidence of the intrusions.
Thousands of vulnerable NetScaler instances remain exposed worldwide, including more than 1,300 in the U.S., according to the Shadowserver Foundation. The group said it has detected exploitation attempts for both vulnerabilities.
CISA has urged organizations to immediately patch the vulnerability. Security experts fear widespread attacks like those that exploited the Citrix Bleed vulnerability in 2023.
Industrial protocol's encryption flaws leave critical infrastructure exposed
A security researcher has uncovered significant vulnerabilities in Open Platform Communications Unified Architecture (OPC UA), a widely used industrial communication protocol that often replaces VPNs in OT environments.
Despite its complex cryptography, the protocol contains design flaws that could enable attackers to bypass authentication and exploit outdated encryption standards. Researcher Tom Tervoort, a security specialist at Netherlands-based security company Secura, identified issues affecting at least seven different products, resulting in three CVEs being issued.
The OPC Foundation has worked with vendors to implement fixes, which include software updates and configuration changes. Organizations using OPC UA are advised to check vendor documentation, apply patches and consider IP allowlisting to protect critical infrastructure from potential exploitation.
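Two of the mitigations above, checking for outdated encryption settings and IP allowlisting, can be turned into a routine audit. The helper below is an added example, not the OPC Foundation's or any vendor's code. It flags OPC UA endpoints that still offer no message security or a deprecated security policy, and checks client sources against a CIDR allowlist. The SecurityPolicy URIs and MessageSecurityMode names are those defined in the OPC UA specification, and the classification of `None`, `Basic128Rsa15` and `Basic256` as deprecated follows the OPC Foundation's profile status; the endpoints, allowlist and connection records are constructed.

```python
"""Audit helper for OPC UA endpoint security settings and client allowlisting.
Added example; all endpoint, allowlist and connection data is constructed."""
import ipaddress

POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
# None and the SHA-1-based Basic128Rsa15 / Basic256 profiles are deprecated by
# the OPC Foundation; the three current profiles are listed beneath them.
DEPRECATED_POLICIES = {"None", "Basic128Rsa15", "Basic256"}
CURRENT_POLICIES = {"Basic256Sha256", "Aes128_Sha256_RsaOaep", "Aes256_Sha256_RsaPss"}


def policy_name(uri):
    """Strip the common URI prefix so policies can be compared by short name."""
    return uri[len(POLICY_PREFIX):] if uri.startswith(POLICY_PREFIX) else uri


def audit_endpoints(endpoints):
    """Return (url, severity, reason) findings for endpoints that weaken or skip security."""
    findings = []
    for ep in endpoints:
        name = policy_name(ep["security_policy"])
        mode = ep["security_mode"]  # None | Sign | SignAndEncrypt
        if mode == "None" or name == "None":
            findings.append((ep["url"], "high", "no message security: traffic is neither signed nor encrypted"))
        elif name in DEPRECATED_POLICIES:
            findings.append((ep["url"], "high", f"deprecated security policy {name}"))
        elif name not in CURRENT_POLICIES:
            findings.append((ep["url"], "medium", f"unrecognised security policy {name}; confirm with vendor"))
        elif mode == "Sign":
            findings.append((ep["url"], "medium", "signed but unencrypted; prefer SignAndEncrypt"))
    return findings


def build_allowlist(cidrs):
    """Parse CIDR strings (host addresses without a mask are accepted too)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_allowed(source_ip, allowlist):
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in allowlist)


def classify_connections(connections, allowlist):
    """Split (client_ip, endpoint_url) records into allowed and denied lists."""
    allowed, denied = [], []
    for client_ip, url in connections:
        (allowed if is_allowed(client_ip, allowlist) else denied).append((client_ip, url))
    return allowed, denied


# Constructed sample data.
ENDPOINTS = [
    {"url": "opc.tcp://plc-01:4840", "security_policy": POLICY_PREFIX + "None", "security_mode": "None"},
    {"url": "opc.tcp://plc-02:4840", "security_policy": POLICY_PREFIX + "Basic128Rsa15", "security_mode": "SignAndEncrypt"},
    {"url": "opc.tcp://hist-01:4840", "security_policy": POLICY_PREFIX + "Basic256Sha256", "security_mode": "Sign"},
    {"url": "opc.tcp://hist-02:4840", "security_policy": POLICY_PREFIX + "Aes256_Sha256_RsaPss", "security_mode": "SignAndEncrypt"},
]
ALLOWLIST = build_allowlist(["10.20.0.0/24", "10.20.5.10"])  # SCADA VLAN plus one engineering station
CONNECTIONS = [
    ("10.20.0.15", "opc.tcp://plc-01:4840"),
    ("10.20.5.10", "opc.tcp://hist-02:4840"),
    ("192.168.1.9", "opc.tcp://plc-02:4840"),  # not on the allowlist
]

if __name__ == "__main__":
    for url, severity, reason in audit_endpoints(ENDPOINTS):
        print(f"[{severity}] {url}: {reason}")
    print("denied sources:", classify_connections(CONNECTIONS, ALLOWLIST)[1])
```

In practice the endpoint records come from the server's GetEndpoints response and the connection records from firewall or passive-monitoring logs; the allowlist itself belongs on the network boundary in front of the server, with this check serving as a second opinion on what that boundary let through.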
Global cybersecurity alliance offers OT asset inventory guidelines
U.S. agencies and international partners from Australia, Canada, Germany, the Netherlands and New Zealand have released new guidance on maintaining asset inventories in critical infrastructure organizations.
The document provides best practices for inventorying and managing OT assets, which, in turn, enables teams to more effectively secure them. Guidelines include the following:
- Prioritize security measures based on risk levels.
- Review asset maintenance plans and maintain spare-parts inventories to maximize operational reliability.
- Compare the cost of system upgrades with the cost of potential outages.
- Implement secure-by-design systems.
- Use change management processes to keep inventories current.
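The guidelines above only pay off if the inventory is something a team can act on. The script below is an added example, not part of the guidance document or any agency tool. It keeps each OT asset as a record with a risk level, spare-part status, the change ticket that last updated the record and a review date, then reconciles the inventory against devices observed on the network, ranks assets by risk and missing spares, and flags records the change-management process has not reviewed recently. All assets, addresses, ticket references and dates are constructed.

```python
"""OT asset inventory reconciliation and prioritisation. Added example;
every asset, address, ticket reference and date is constructed."""
from dataclasses import dataclass
from datetime import date, timedelta

RISK_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Asset:
    asset_id: str
    ip: str
    role: str             # PLC, HMI, historian, switch ...
    risk: str             # from the site risk assessment: critical/high/medium/low
    spare_on_hand: bool   # the spare-parts inventory covers this unit
    change_ticket: str    # change-management reference that last updated this record
    reviewed: date        # when that process last confirmed the record


def reconcile(inventory, observed):
    """Compare the inventory with devices seen by passive monitoring.
    Returns (unknown_ips, missing_assets): devices on the wire with no record,
    and records whose device has not been seen."""
    known = {a.ip for a in inventory}
    unknown = sorted(ip for ip in observed if ip not in known)
    missing = [a for a in inventory if a.ip not in observed]
    return unknown, missing


def prioritize(inventory):
    """Highest risk first; within a risk level, units without a spare first,
    since an outage there is slower to recover from."""
    return sorted(inventory, key=lambda a: (RISK_RANK[a.risk], a.spare_on_hand, a.asset_id))


def stale_records(inventory, today, max_age=timedelta(days=365)):
    """Records the change-management process has not reviewed within max_age."""
    return [a for a in inventory if today - a.reviewed > max_age]


# Constructed inventory, observation set and reference date.
INVENTORY = [
    Asset("PLC-01", "10.20.0.11", "PLC", "critical", False, "CHG-1042", date(2024, 3, 12)),
    Asset("PLC-02", "10.20.0.12", "PLC", "critical", True, "CHG-1187", date(2025, 6, 2)),
    Asset("HMI-01", "10.20.0.21", "HMI", "high", True, "CHG-1101", date(2025, 1, 20)),
    Asset("HIST-01", "10.20.0.31", "historian", "medium", False, "CHG-0988", date(2023, 11, 5)),
    Asset("SW-01", "10.20.0.2", "switch", "low", True, "CHG-1187", date(2025, 6, 2)),
]
OBSERVED = {"10.20.0.11", "10.20.0.12", "10.20.0.21", "10.20.0.2", "10.20.0.77"}  # .31 silent, .77 unknown
TODAY = date(2025, 8, 20)

if __name__ == "__main__":
    unknown, missing = reconcile(INVENTORY, OBSERVED)
    print("unknown devices on the network:", unknown)
    print("inventoried but not seen:", [a.asset_id for a in missing])
    print("attention order:", [a.asset_id for a in prioritize(INVENTORY)])
    print("stale records:", [a.asset_id for a in stale_records(INVENTORY, TODAY)])
```

An unknown device is the finding that matters most for security, because it is exactly the asset nobody is patching or monitoring; an inventoried device that has gone quiet is a reliability question first (is it down, or was it decommissioned without a change ticket?) and a record-hygiene question second.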
Read the full story by Eric Geller on Cybersecurity Dive.
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Alissa Irei is senior site editor of Informa TechTarget Security.