Cybersecurity Threats: A Disturbing New Trend
In the realm of cybersecurity, the Netflix thriller Leave the World Behind offers an unsettling glimpse into a future where a massive cyberattack sends the United States spiraling into a total blackout. While the film dramatizes the scale of such attacks, recent findings highlight a real and concerning trend: malicious hackers are increasingly interested in inflicting physical harm through cyber means.
Recent statistics from Waterfall Security Solutions, a cybersecurity firm based in Rosh Ha’Ayin, Israel, show that although confirmed cyberattacks with physical consequences were relatively rare—with only 57 incidents globally reported in 2025—this trend could shift. A report by Dragos, a Washington-based cybersecurity vendor, points to an alarming change in attacker behavior. Once primarily engaged in reconnaissance within operational technology (OT) environments, attackers are now actively mapping control loops and developing the capabilities to disrupt physical processes.
According to the Dragos "2026 OT/ICS Cybersecurity Report," these threat actors are no longer content to simply gather intelligence. Instead, they are engaging in deeply invasive tactics, accessing and manipulating engineering workstations, as well as exfiltrating configuration files, alarm data, and other operational intelligence. This evolution signifies the removal of a critical barrier that previously existed between access and the ability to cause real-world damage.
“This indicates that the teams behind these operations are being instructed to prepare for action, not merely to keep their options open,” the Dragos researchers noted, underscoring the seriousness of this shift.
A Perfect Storm of Factors
Cybersecurity analysts express both concern and an understanding of the dynamics contributing to this shift. Factors such as heightened geopolitical tensions, the availability of technical documentation online, the accessibility of attack toolkits, and their decreasing costs are converging to create a "perfect storm."
Despite this worrying trajectory, experts like Forrester analyst Paddy Harrington provide a silver lining. He argues that organized cybercriminal groups generally prefer financial gain over inflicting harm. Historically, such groups have avoided causing bodily injury or physical destruction, as it could taint their reputations and hurt their business prospects. “Causing physical harm—like blowing up a pipeline or compromising critical healthcare systems—does not align with their objectives,” Harrington stated.
This distinction raises significant concerns about the motivations of different types of hackers. While traditional cybercriminals may avoid risky operations, nation-state actors could present a greater threat. Such actors are often motivated by political goals and could act recklessly if they gauge that the risk of retaliation is low.
The emergence of generative AI introduces yet another layer of concern. Analysts like Gartner’s Katell Thielemann warn that such technologies can empower a wider array of attackers who might have diverse personal or political motives. “Capabilities that were once mainly the purview of well-funded nation-state groups are becoming broadly accessible,” Thielemann cautioned. Generative AI makes it easier for less sophisticated attackers to learn how to manipulate these systems, thereby increasing the overall risk.
Implications for Enterprise Security
Organizations today, whether they recognize it or not, likely possess cyber-physical systems that stand as potential targets for these threat actors. Thielemann cautions that this is not solely an issue for sectors like water utilities or manufacturing; even environments like office buildings and data centers are vulnerable.
Given this reality, enterprises often find themselves ill-equipped to fend off these advanced threats. Thielemann emphasizes that if attackers are updating their knowledge of control loops, so too must Chief Information Security Officers (CISOs). Organizations should move beyond IT-centric security mindsets and adopt specialized tools and governance that mirror the complexities of cyber-physical environments.
Echoing this sentiment, Harrington encourages CISOs to mitigate vulnerabilities by first identifying potential entry points into their OT environments, such as edge devices and cloud connections. He advises organizations to block unnecessary connections with firewalls, thereby preventing potential breaches from third-party providers or other external sources.
Harrington also urges cybersecurity leaders to take action. “Many OT environments lack even basic security measures,” he lamented. “They often merely conduct asset discovery and mistakenly rely on an air gap—an assumption that has become increasingly unrealistic in contemporary settings.”
While the prospect of a catastrophic cyberattack on critical infrastructure may sound like the stuff of nightmare scenarios or gripping thrillers, the urgency for improved security measures continues to grow. As experts push for significant enhancements in OT security, the hope remains that this momentum will build quickly enough to counteract emerging threats.
In summary, the evolving landscape of cyber threats necessitates a collective and proactive approach to security, one that considers the intersections between digital and physical domains. As the world becomes more interconnected, the stakes have never been higher.

