The Stuxnet worm is well known as the first confirmed cyberattack designed to damage critical infrastructure. Discovered in 2010 but used as early as 2009, it targeted uranium enrichment systems at Iran’s Natanz Nuclear Facility, causing physical destruction of centrifuges.
Fast-forward to the post-IT/OT convergence growth of the mid- to late-2010s, and attacks on operational technology and critical infrastructure have become considerably more widespread and impactful, driven by increased connectivity between IT and OT environments that has expanded the attack surface and enabled attackers to infiltrate industrial systems through enterprise IT networks.
TXOne Networks, a cybersecurity company, reported that 96% of OT incidents in 2025 could be traced back to IT system compromises. Forescout, meanwhile, found that attacks on OT protocols increased by 84% in 2025 over the previous year, led by Modbus (57% of attacks) and Ethernet/IP (22%). Dragos reported a nearly 95% increase in the number of ransomware attacks in the same time frame, as well as a 49% increase in the number of ransomware gangs targeting industrial organizations.
Industrial and OT systems were targets before they were connected to the internet, and IT/OT convergence, despite its benefits, is making such systems systematically more accessible, visible and valuable for attackers.
This week’s featured news highlights the latest OT and critical infrastructure attacks and trends, as well as why the government is touting zero trust as a solution to the problem.
Lotus Wiper: Destructive cyberattack targets Venezuelan energy sector
In December 2025, Venezuela’s energy sector suffered a sophisticated cyberattack using Lotus Wiper malware, which employed living-off-the-land techniques to destroy system data and disrupt operations.
The attack, analyzed by Kaspersky Lab, used batch scripts to coordinate network infiltration, disable defenses and delete critical files, leaving systems unrecoverable.
Experts noted this reflects a growing trend of nation-state actors using wiper malware as an effective cyber weapon against critical infrastructure, emphasizing the need for network segmentation and immutable backups to counter such threats.
Read the full article by Robert Lemos on Dark Reading.
Manufacturing remains most targeted by cyberattacks
The manufacturing sector accounted for one in four cyberattacks in 2025, yet remains inadequately prepared to handle cyberthreats, according to cybersecurity insurer Resilience.
Ransomware attacks on manufacturers surged 61% compared to 46% across all sectors, driven by low downtime tolerance and tight security budgets. Between March 2021 and February 2026, ransomware caused 90% of sector losses despite representing only 12% of claims by Resilience clients.
Read the full article by Eric Geller on Cybersecurity Dive.
Critical infrastructure vendor Itron discloses network breach
Itron, a major supplier of smart meter devices for energy and water utilities, disclosed a cyberattack on its computer networks discovered April 13.
The Liberty Lake, Washington-based company, which serves over 7,700 utility providers across 100 countries, stated it remediated the unauthorized activity and detected no subsequent intrusions or customer data access.
Itron’s devices are widely deployed in electric, gas and water sectors, and the company partners on smart city projects controlling energy infrastructure.
According to its Securities and Exchange Commission filing, operations were not disrupted, insurance will cover significant incident costs and the breach is not expected to materially impact the company.
Read the full article by Eric Geller on Cybersecurity Dive.
Iran escalates cyber capabilities against U.S. critical infrastructure
Since the U.S.-Iran conflict began in February, Iranian-backed cyberthreat groups have evolved toward more damaging attacks, according to security researchers.
Iran-linked actors increasingly deploy data-wiping malware, target critical infrastructure and exploit vulnerabilities in programmable logic controllers and Rockwell Automation devices. Notable incidents include a March wiper attack on medical device maker Stryker and threats to Israeli water systems.
CISA warned that poorly secured, internet-accessible infrastructure remains vulnerable. Experts recommended removing internet-facing devices, enabling MFA and hardening admin accounts.
Read the full article by David Jones on Cybersecurity Dive.
DC power regulators emerge as hidden cyberattack vector
Direct current power regulators, which stabilize voltage for devices across critical infrastructure, represent an overlooked attack surface, Andy Davis, research director at NCC Group, warned.
Operating below the OS level, these increasingly sophisticated, firmware-driven components can conceal malicious activity outside traditional security monitoring. Attackers exploiting vulnerabilities in programmable regulators could trigger DoS attacks, cause hardware damage or compromise safety-critical systems such as connected vehicles. Davis said that these incidents could fly under the radar as random equipment failures.
Experts recommend treating power regulation as part of security architecture, implementing network segmentation, monitoring, cryptographic signing and secure boot mechanisms to defend against this emerging threat as power systems grow more complex.
Read the full article by Arielle Waldman on Dark Reading.
U.S. agencies issue zero-trust guidance for critical infrastructure OT systems
U.S. government agencies, including CISA, the FBI and the Departments of Defense, Energy and State, released guidance Wednesday on applying zero-trust principles to OT environments.
The document addresses unique OT challenges (legacy systems, availability requirements and physical safety constraints) that complicate traditional security approaches.
Recommendations include establishing governance frameworks, supply chain oversight using software bills of materials, network segmentation, identity management and layered compensating controls where ideal access restrictions aren’t operationally feasible.
The guidance emphasizes cross-team collaboration among IT, OT and cybersecurity personnel, warning that technology alone is insufficient.
Read the full article by Eric Geller on Cybersecurity Dive.
Editor’s note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.
Sharon Shea is executive editor of TechTarget Security.









