CyberSecurity SEE

Dragos reports 87% increase in ransomware attacks targeting industrial organizations

The “Year in Review” report for 2025 published by Dragos highlighted a concerning trend in the industrial security sector: ransomware attacks against industrial organizations have skyrocketed by 87% compared to the previous year. This increase in attacks has put a spotlight on the vulnerabilities present in operational technology (OT) and industrial control systems (ICS) used by critical infrastructure sectors such as water and power, as well as various parts of the supply chain like manufacturing.

According to Dragos, the rise in ransomware attacks targeting OT and ICS systems can be attributed to the high stakes involved in these organizations, coupled with the challenge of maintaining effective vulnerability management. Many smaller industrial organizations struggle to keep up with the evolving threat landscape, making them prime targets for malicious actors. As a result, Dragos’ latest report emphasizes the importance of topics like vulnerability management and ransomware prevention in the industrial security space.

In addition to the alarming increase in ransomware attacks, Dragos also noted a 60% jump in the number of ransomware groups targeting OT and ICS systems, from 50 groups in 2023 to 80 in 2024. The report highlighted how threat actors are increasingly using remote tools like VPN appliances to gain initial access to victim networks, exploiting weak network security defenses in the process. Dragos pointed out that organizations that enforced strict network segmentation between IT and OT systems, along with conducting offline backup testing, were able to mitigate the impact of ransomware incidents and avoid paying hefty ransoms.

On the vulnerability management front, Dragos analyzed 606 OT/ICS-relevant security advisories and found that 22% of these advisories were network exploitable and perimeter facing. Additionally, the report revealed that a significant portion of advisories contained incorrect information or errors, or lacked essential mitigations and fixes. Dragos emphasized the importance of accurate advisories in helping organizations prioritize patching and mitigate vulnerabilities effectively, especially in critical infrastructure and industrial sectors.

During a press briefing, Dragos CEO Robert M. Lee highlighted the complexity of OT vulnerabilities compared to traditional IT vulnerabilities, emphasizing the need for a tailored approach to vulnerability management. Dragos adopted a “now, next, never” system to assess vulnerabilities based on their exploitability and operational risk, rather than relying on traditional severity scoring systems.

In conclusion, Dragos recommended that organizations update their incident response plans, conduct thorough attack surface analyses, enhance visibility and monitoring capabilities, secure remote access through network segmentation, and prioritize risk-based vulnerability management. As the industrial security landscape continues to evolve, proactive measures like these will be crucial in safeguarding OT and ICS systems from ransomware attacks and other cyber threats.
