As global tensions continue to influence cyber activity, new research highlights a concerning rise in attacks targeting operational systems that support essential services. The findings from Claroty underscore how cyber-physical systems attacks are becoming a preferred method for threat actors seeking to disrupt critical infrastructure across industries.

Claroty, a company focused on protecting cyber-physical systems, has released new research from its Team82 unit analyzing more than 200 attacks carried out over a 12-month period. The report reveals that cybercriminals and politically motivated groups are increasingly targeting operational technology environments directly, bypassing traditional IT systems to gain access to systems that control real-world processes.

The research shows that 82 percent of these attacks involved the use of Virtual Network Computing (VNC) protocol clients to remotely access internet-facing assets. In addition, 66 percent of incidents included the compromise of human-machine interfaces (HMIs) or supervisory control and data acquisition (SCADA) systems. These systems play a central role in managing industrial operations, from manufacturing and energy production to water systems and healthcare infrastructure.

Unauthorized access to such systems can have serious consequences, including service disruptions, physical damage to equipment, and potential risks to public safety. Notably, many of these attacks do not require advanced technical expertise or exploitation of complex vulnerabilities, making them accessible to a wider range of threat actors.

The study also highlights the geopolitical dimensions of these attacks. A significant portion of the activity was linked to groups associated with nation-state interests. According to the findings, 81 percent of incidents attributed to Iran-affiliated groups targeted organizations in the United States and Israel. Meanwhile, 71 percent of attacks linked to Russia-affiliated groups focused on European Union countries, with Italy, France, and Spain among the most frequently targeted.

Amir Preminger, Chief Technology Officer and head of Team82 at Claroty, emphasized the growing risks to essential infrastructure. “Our research reveals a major escalation in how malicious actors are infiltrating the operational systems that underpin society’s daily operations,” said Preminger. “Attackers are using relatively low-tech means to target critical sectors from manufacturing, to water and waste, to power generation, to healthcare industries whose disruption would lead to dire, if not dangerous consequences. Based on what’s uncovered in the research there’s a clear need to bolster security efforts for CPS, and organizations can no longer tolerate lax cybersecurity practices around these devices.”

The report also points to common security gaps that make these systems vulnerable. Many devices are exposed to the internet with weak or default credentials, while legacy communication protocols lacking authentication and encryption continue to be widely used. These weaknesses create opportunities for attackers to gain access without sophisticated techniques.

To address these risks, organizations managing cyber-physical systems are encouraged to strengthen security practices, including securing internet-facing devices, updating insecure configurations, and transitioning to more secure communication protocols. Understanding the tactics and motivations of threat actors is also critical in anticipating potential targets and mitigating future attacks.

The rise in cyber-physical systems attacks reflects a broader shift in the threat landscape, where attackers increasingly target infrastructure that directly impacts daily life. As these systems become more connected, organizations must adopt stronger security measures to protect critical infrastructure from evolving cyber threats.
