New Report Reveals Alarming Vulnerabilities in OT Devices and Ransomware Threats

Introduction


In today’s evolving digital landscape, operational technology (OT) devices are becoming increasingly vulnerable to cyber threats. Claroty, a leading cyber-physical systems (CPS) protection company, has recently published a comprehensive report titled "State of CPS Security 2025 OT Exposures," produced by its esteemed research team, Team82. This report highlights alarming trends and vulnerabilities that pose significant risks to mission-critical infrastructure across various industries.

Key Findings


The research analyzed nearly one million OT devices and identified over 111,000 Known Exploitable Vulnerabilities (KEVs). A staggering 68% of these vulnerabilities are linked directly to ransomware groups. Some of the core findings include:
  • 12% of analyzed OT devices are exposed with KEVs, and 40% of the organizations have these assets insecurely connected to the internet.
  • 7% of devices are tied to ransomware actors, with 31% of organizations having these vulnerable assets online without adequate protection.
  • Notably, 12% of organizations have OT assets communicating with malicious domains, making the threat to these assets tangible and urgent.
  • The manufacturing sector topped the list with over 96,000 devices identified with confirmed KEVs, cementing the gravity of the situation.

Implications for Industries


As industrial sectors increasingly turn to digitization and connectivity, the risks multiply exponentially. Grant Geyer, Chief Strategy Officer at Claroty, emphasized the inherent challenges in securing these mission-critical technologies. He noted that threat actors are not merely theoretical; they are actively seeking to exploit weaknesses in outdated systems and unsecured networks, often benefiting from state-sponsored activities from countries like China and Russia.

A Shift in Perspective


The findings suggest that security teams must shift their focus from traditional vulnerability management practices to a more comprehensive exposure management philosophy. Understanding the interconnectedness of these vulnerabilities with common threat vectors, particularly ransomware, is crucial for security teams to proactively mitigate risks. This shift would enable organizations to prioritize their remediation efforts effectively, ensuring maximum impact against potential cyber threats.

Conclusion


The release of the "State of CPS Security 2025 OT Exposures" report serves as a crucial wake-up call for industries reliant on operational technology. With the significant presence of known vulnerabilities and the increasing sophistication of ransomware attacks, organizations must urgently reassess their security measures. Downloading the full report from Claroty is a critical first step for stakeholders looking to navigate these complexities and enhance their operational security strategies.

As Claroty continues to lead the charge in CPS protection, organizations must prioritize security investments to safeguard their infrastructure and mitigate risks associated with the rapidly evolving cyber threat landscape.
