The emergence of the Stuxnet worm in 2010 marked a significant milestone in cybersecurity, recognized as the first confirmed cyberattack aimed at damaging critical infrastructure. Originally deployed around 2009, Stuxnet was specifically designed to target uranium enrichment systems at Iran’s Natanz Nuclear Facility, resulting in the physical destruction of numerous centrifuges. This incident set a precedent, highlighting the vulnerabilities within industrial systems and the potential for cyber threats to transcend virtual environments, impacting real-world infrastructure.
As the years progressed, particularly during the latter half of the 2010s, a convergence of Information Technology (IT) and Operational Technology (OT) environments began to reshape the cybersecurity landscape. This integration significantly broadened the potential attack surface available to cybercriminals, enabling them to penetrate industrial systems through more traditional enterprise IT networks. Consequently, cyberattacks on operational technology and critical infrastructure have seen a drastic increase in both frequency and severity.
A striking statistic from TXOne Networks underscores this trend: 96% of OT incidents anticipated for 2025 stem from compromises within IT systems. Supporting these findings, Forescout highlighted an 84% surge in attacks on OT protocols in 2025 compared to the previous year. Specifically, attacks targeting Modbus accounted for 57% of incidents, while Ethernet/IP represented 22%. Furthermore, a report from Dragos revealed an almost 95% rise in ransomware incidents during the same timeframe, alongside a 49% increase in the number of ransomware gangs specifically targeting industrial organizations.
Historically, industrial and operational technology systems faced threats even before they were connected to digital networks. However, the convergence of IT and OT, despite offering various advantages, has rendered these systems increasingly accessible, visible, and, therefore, more valuable to malicious actors. This week’s news roundup captures the latest trends in OT attacks and the broader implications for critical infrastructure security, including the U.S. government’s advocacy for a zero-trust model as a viable solution.
One alarming event detailed in the news was the Lotus Wiper cyberattack on Venezuela’s energy sector in December 2025. This sophisticated assault utilized the Lotus Wiper malware to inflict severe damage, employing “living-off-the-land” techniques to erase critical system data and disrupt ongoing operations. Kaspersky Lab’s analysis revealed that the attackers employed batch scripts for coordinating their network infiltration, disabling defenses, and ultimately rendering systems unrecoverable. This incident illustrates a disturbing trend of nation-state actors leveraging wiper malware as a potent weapon against vital infrastructure, which is indicative of the current trajectory of cyber warfare.
Moreover, the manufacturing sector emerged as the most frequently targeted industry for cyberattacks in the year 2025. According to cybersecurity insurer Resilience, the manufacturing industry accounted for a quarter of all cyber incidents. Ransomware attacks within this sector surged by 61%, highlighting insufficient preparedness against evolving cyber threats. Between March 2021 and February 2026, ransomware attacks led to 90% of financial losses in manufacturing, despite these attacks comprising only 12% of claims filed by Resilience’s clients.
Itron, a prominent supplier of smart meter devices supporting energy and water utility operations, disclosed a network breach on April 13. Based in Liberty Lake, Washington, Itron serves over 7,700 utility providers across 100 countries. According to the company’s public statement, it successfully remediated the unauthorized activity and found no instances of customer data compromise. While the breach was serious, it did not disrupt operations, and significant costs resulting from the incident were expected to be covered by insurance.
In a separate development, Iranian cyber units have broadened their targeting following the onset of the U.S.-Iran conflict in February. Security researchers noted a clear shift toward more destructive cyber activities, involving data-wiping malware aimed at critical infrastructure. In particular, Iranian threat actors have exploited vulnerabilities in programmable logic controllers and devices produced by Rockwell Automation. Noteworthy incidents, such as a March wiper attack on the medical device manufacturer Stryker, emphasize this evolving strategy and the resulting implications for both U.S. and Israeli infrastructure security.
Among the overlooked cyber threats is the potential vulnerability posed by direct current power regulators. Andy Davis, a research director at NCC Group, warns that these components, which stabilize voltage across critical infrastructure, present a hidden attack surface for cybercriminals. Operating beneath the OS level, advanced firmware-driven regulators can conceal malicious activities outside standard security monitoring. Exploiting these vulnerabilities could lead to denial-of-service attacks, hardware damage, or even compromise safety-critical systems such as connected vehicles.
Given these complexities, U.S. government agencies, including CISA, the FBI, and the Departments of Defense, Energy, and State, have issued guidance on applying zero-trust principles to OT environments. This guidance addresses the unique challenges faced by OT systems, including legacy equipment, stringent operational requirements, and necessary physical safety protocols. Key recommendations include governance frameworks, supply chain oversight, network segmentation, and collaborative efforts among IT, OT, and cybersecurity personnel. The guidance emphasizes that technology alone cannot secure these environments; holistic approaches incorporating multiple layers of defense are essential.
In summary, the cybersecurity landscape concerning critical infrastructure is in a state of profound transition, necessitating urgent attention and adaptive strategies to mitigate emerging threats effectively. The confluence of industrial systems and cybercriminal tactics underscores the need for robust security frameworks poised to evolve with the ever-changing threat landscape.
