SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Report finds ransomware exploits in OT devices rising

Today

A recent report from Claroty has highlighted significant vulnerabilities in operational technology (OT) devices across key sectors, which are being targeted for exploitation by adversaries.

The report entitled "State of CPS Security 2025: OT Exposures" was based on the analysis of nearly one million OT devices and identified over 111,000 Known Exploitable Vulnerabilities (KEVs). These vulnerabilities span critical sectors like manufacturing, logistics, transportation, and natural resources, with more than 68% being linked to ransomware groups.

The report was developed by Claroty's research group Team82, which focuses on the intersection of these vulnerabilities with common threat vectors such as ransomware and insecure connectivity. The report aims to assist industrial organisations in prioritising which KEVs require immediate remediation, thereby helping security teams manage risk on a large scale.

Grant Geyer, Chief Strategy Officer at Claroty, commented on the report's findings: "The inherent nature of operational technology creates obstacles to securing these mission critical technologies. From embedding offensive capabilities in networks to targeting vulnerabilities in outdated systems, threat actors can take advantage of these exposures to create risks to availability and safety in the real world. As digital transformation continues to drive connectivity to OT assets, these challenges will only proliferate. There is a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy to ensure they can make remediation efforts as impactful as possible."

The report underscores the rising threats posed by state-sponsored actors and details risks associated with OT assets communicating with malicious domains from countries such as China, Russia, and Iran. It suggests that understanding these threats is key for proactive security measures.

Team82's findings reveal that 12% of the OT devices analysed contain KEVs, and 40% of the organisations involved have devices with insecure internet connections. Notably, 7% of the analysed devices have KEVs that are linked to known ransomware samples, and 31% of these organisations have related assets connected insecurely to the internet.

Furthermore, 12% of the organisations researched had OT assets in communication with malicious domains, serving as evidence that the threat to these assets is real rather than hypothetical. The manufacturing sector, in particular, had a substantial number of devices with confirmed KEVs, totalling over 96,000, with 68% linked to ransomware groups.

The "State of CPS Security 2025: OT Exposures" report provides comprehensive data on these vulnerabilities and presents recommended security measures. These insights are intended to equip enterprises with the knowledge needed to better defend against the vulnerabilities and potential threats identified.
