Claroty, the cyber-physical systems (CPS) protection company, released a new report revealing the exposures that are most coveted for exploitation by adversaries in operational technology (OT) devices. Based on analysis of almost one million OT devices, the “State of CPS Security 2025: OT Exposures” report found over 111,000 Known Exploitable Vulnerabilities (KEVs) in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with more than two-thirds (68%) of the KEVs being linked to ransomware groups. Based on analysis of almost one million OT devices, the report uncovers the riskiest exposures for enterprises amid rising threats to critical sectors.
Cyber Technology Insights: Agentic AI to Revolutionize Cybercrime in 2025: Report
In the report, Claroty’s award-winning research group Team82 examines the challenges industrial organizations face when identifying which KEVs in OT devices to prioritize for remediation. It highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams proactively and efficiently minimize risk at scale. With offensive activity rising from state-sponsored threat actors, the report details the risk critical sectors face from OT assets communicating with malicious domains, including those from China, Russia, and Iran.
“The inherent nature of operational technology creates obstacles to securing these mission critical technologies,” said Grant Geyer, Chief Strategy Officer at Claroty. “From embedding offensive capabilities in networks to targeting vulnerabilities in outdated systems, threat actors can take advantage of these exposures to create risks to availability and safety in the real world. As digital transformation continues to drive connectivity to OT assets, these challenges will only proliferate. There is a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy to ensure they can make remediation efforts as impactful as possible.”
Key Findings:
- Of the close to one million OT devices analyzed, Team82 found that 12% contain KEVs, and 40% of the organizations analyzed have a subset of these assets insecurely connected to the internet.
- 7% of the devices are exposed with KEVs that have been linked to known ransomware samples and actors, with 31% of the organizations analyzed having these assets insecurely connected to the internet.
- 12% of organizations in the research had OT assets communicating with malicious domains, demonstrating that the threat risk to these assets is not theoretical.
- The manufacturing industry was found to have the highest number of devices with confirmed KEVs (over 96,000) with over two-thirds (68%) of them being linked to ransomware groups.
Cyber Technology Insights: HeroDevs Acquires Xeol to Secure End-of-Life Software
To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com
Source – Prnewswire