News brief: Critical infrastructure, OT cybersecurity attacks
Check out the latest security news from TechTarget SearchSecurity's sister sites, Cybersecurity Dive and Dark Reading.
The Stuxnet worm is widely recognized as the first confirmed cyberattack designed to damage critical infrastructure. Discovered in 2010 but used as early as 2009, it targeted uranium enrichment systems at Iran's Natanz Nuclear Facility, causing physical destruction of centrifuges.
Fast-forward to the IT/OT convergence boom of the mid- to late 2010s, and attacks on operational technology and critical infrastructure have become far more widespread and impactful. Increased connectivity between IT and OT environments expanded the attack surface and let attackers reach industrial systems through enterprise IT networks.
TXOne Networks, a cybersecurity company, reported that 96% of OT incidents in 2025 could be traced back to IT system compromises. Forescout, meanwhile, found that attacks on OT protocols increased by 84% in 2025 over the previous year, led by Modbus (57% of attacks) and EtherNet/IP (22%). Dragos reported a nearly 95% increase in the number of ransomware attacks in the same time frame, as well as a 49% increase in the number of ransomware gangs targeting industrial organizations.
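The Modbus figure above is a good place to show what such traffic looks like on the wire. Plain Modbus/TCP carries no authentication, so a write request from any host that can reach TCP port 502 is honored, and function-code monitoring at the IT/OT boundary is one of the few checks available. The following Python is an example added to this brief, not code from Forescout or any other vendor named here: it parses Modbus/TCP requests and flags writes and the Force Listen Only diagnostic arriving from hosts outside an engineering-station allowlist. The IP addresses, the allowlist and the sample frames are constructed for illustration.

```python
"""Flag Modbus/TCP write and diagnostic requests that do not come from an
authorized engineering host. Added example for this brief, not code from any
vendor named here; the addresses, allowlist and frames are constructed."""
import struct
from dataclasses import dataclass

# MBAP header: transaction id, protocol id (0 = Modbus), length, unit id
MBAP = struct.Struct(">HHHB")

WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}
DIAGNOSTICS = 8
FORCE_LISTEN_ONLY = 4  # diagnostics sub-function that silences a device


@dataclass
class ModbusRequest:
    src: str
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_frame(src: str, frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request; raise ValueError on anything malformed."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The length field counts everything after itself: unit id, function, data.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    return ModbusRequest(src, tid, unit, frame[7], frame[8:])


def describe_write(req: ModbusRequest) -> str:
    """Summarize the target of a write request for the alert text."""
    name = WRITE_FUNCTIONS[req.function]
    if req.function in (5, 6) and len(req.data) >= 4:
        addr, value = struct.unpack_from(">HH", req.data)
        return f"{name} addr={addr} value=0x{value:04x}"
    if req.function in (15, 16, 23) and len(req.data) >= 4:
        addr, count = struct.unpack_from(">HH", req.data)
        return f"{name} addr={addr} count={count}"
    return name


def audit(frames, allowed_writers):
    """Return (severity, src, message) for each frame that needs attention.

    frames: iterable of (source_ip, raw_modbus_tcp_request)
    allowed_writers: hosts permitted to change process values (engineering
    workstations, not HMIs or anything on the IT side of the conduit)
    """
    alerts = []
    for src, raw in frames:
        try:
            req = parse_frame(src, raw)
        except ValueError as exc:
            alerts.append(("high", src, f"malformed Modbus frame: {exc}"))
            continue
        if req.function in WRITE_FUNCTIONS and src not in allowed_writers:
            alerts.append(("high", src,
                           f"{describe_write(req)} to unit {req.unit_id} from unauthorized host"))
        elif req.function == DIAGNOSTICS and len(req.data) >= 2:
            sub = struct.unpack_from(">H", req.data)[0]
            if sub == FORCE_LISTEN_ONLY:
                alerts.append(("critical", src,
                               f"Force Listen Only Mode sent to unit {req.unit_id}"))
    return alerts


def build_frame(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP request (used here only to construct samples)."""
    return struct.pack(">HHH", tid, 0, 2 + len(data)) + bytes([unit, function]) + data


# Constructed sample traffic: one authorized write, one HMI read, then three
# frames from a host on the IT side of the conduit (addresses are assumed).
ALLOWED_WRITERS = {"10.0.10.5"}
SAMPLE_FRAMES = [
    ("10.0.10.5", build_frame(1, 1, 16, struct.pack(">HHBHH", 100, 2, 4, 1500, 0))),
    ("10.0.10.20", build_frame(2, 1, 3, struct.pack(">HH", 0, 10))),
    ("10.0.200.77", build_frame(3, 1, 6, struct.pack(">HH", 100, 0))),
    ("10.0.200.77", build_frame(4, 1, DIAGNOSTICS, struct.pack(">HH", FORCE_LISTEN_ONLY, 0))),
    ("10.0.200.77", b"\x00\x05\x00\x00\x00\x02\x01"),  # truncated: no function code
]

if __name__ == "__main__":
    for severity, src, message in audit(SAMPLE_FRAMES, ALLOWED_WRITERS):
        print(f"[{severity}] {src}: {message}")
```

Run as a script it prints three alerts: the unauthorized register write, the Force Listen Only diagnostic and the truncated frame. The engineering workstation's write and the HMI's read pass silently, which is the point of keying the check on source host plus function code rather than on function code alone.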
Industrial and OT systems were targets before they were connected to the internet, and IT/OT convergence -- despite its benefits -- is making such systems systematically more accessible, visible and valuable for attackers.
This week's featured news highlights the latest OT and critical infrastructure attacks and trends, as well as why the government is touting zero trust as a solution to the problem.
Lotus Wiper: Destructive cyberattack targets Venezuelan energy sector
In December 2025, Venezuela's energy sector suffered a sophisticated cyberattack using Lotus Wiper malware, which employed living-off-the-land techniques to destroy system data and disrupt operations.
The attack, analyzed by Kaspersky Lab, used batch scripts to coordinate network infiltration, disable defenses and delete critical files, leaving systems unrecoverable.
Experts noted this reflects a growing trend of nation-state actors using wiper malware as an effective cyber weapon against critical infrastructure, emphasizing the need for network segmentation and immutable backups to counter such threats.
Manufacturing remains most targeted by cyberattacks
The manufacturing sector accounted for one in four cyberattacks in 2025, yet remains inadequately prepared to address cyberthreats, according to cybersecurity insurer Resilience.
Ransomware attacks on manufacturers rose 61%, against 46% across all sectors; attackers favor the sector because of its low tolerance for downtime and its tight security budgets. Between March 2021 and February 2026, ransomware caused 90% of the sector's losses among Resilience clients despite representing only 12% of their claims.
Critical infrastructure vendor Itron discloses network breach
Itron, a major supplier of smart meter devices for energy and water utilities, disclosed a cyberattack on its networks that it discovered April 13.
The Liberty Lake, Washington-based company, which serves over 7,700 utility providers across 100 countries, stated it remediated the unauthorized activity and detected no subsequent intrusions or customer data access.
Itron's devices are widely deployed in electric, gas and water sectors, and the company partners on smart city projects controlling energy infrastructure.
According to its Securities and Exchange Commission filing, operations were not disrupted, insurance will cover significant incident costs and the breach is not expected to materially impact the company.
Iran escalates cyber capabilities against U.S. critical infrastructure
Since the U.S.-Iran conflict began in February, Iranian-backed cyberthreat groups have evolved toward more destructive attacks, according to security researchers.
Iran-linked actors increasingly deploy data-wiping malware, target critical infrastructure and exploit vulnerabilities in programmable logic controllers and Rockwell Automation devices. Notable incidents include a March wiper attack on medical device maker Stryker and threats to Israeli water systems.
CISA warned that poorly secured, internet-accessible infrastructure remains vulnerable. Experts recommended removing internet-facing devices, enabling MFA and hardening admin accounts.
DC power regulators emerge as hidden cyberattack vector
Direct current power regulators, which stabilize voltage for devices across critical infrastructure, represent an overlooked attack surface, Andy Davis, research director at NCC Group, warned.
Operating below the OS level, these increasingly sophisticated, firmware-driven components can hide malicious activity outside traditional security monitoring. Attackers exploiting vulnerabilities in programmable regulators could cause denial of service, damage hardware or compromise safety-critical systems such as connected vehicles. Davis said such incidents could pass as random equipment failures.
Experts recommend treating power regulation as part of security architecture, implementing network segmentation, monitoring, cryptographic signing and secure boot mechanisms to defend against this emerging threat as power systems grow more complex.
U.S. agencies issue zero-trust guidance for critical infrastructure OT systems
U.S. government agencies, including CISA, the FBI and the Departments of Defense, Energy and State, released guidance Wednesday on applying zero-trust principles to OT environments.
The document addresses unique OT challenges -- legacy systems, availability requirements and physical safety constraints -- that complicate traditional security approaches.
Recommendations include establishing governance frameworks, supply chain oversight using software bills of materials, network segmentation, identity management and layered compensating controls where ideal access restrictions aren't operationally feasible.
The guidance emphasizes cross-team collaboration among IT, OT and cybersecurity personnel, warning that technology alone is insufficient.
More on OT and critical infrastructure security
- Key OT security best practices
- Top OT threats and security challenges
- How to ensure OT secure remote access and prevent attacks
- What CISOs need to know to build an OT cybersecurity program
- SBOM formats explained: Guide for enterprises
- How to create an SBOM: Example and free template
- How to implement zero trust: Expert steps
Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of TechTarget Security.