Claroty’s newly released “State of CPS Security 2025: OT Exposures” reveals the operational technology device exposures most coveted for exploitation by adversaries.

Summary:

A new report from Claroty reveals that over 111,000 operational technology (OT) devices across critical sectors, including manufacturing, logistics, and natural resources, contain known exploitable vulnerabilities. Based on an analysis of nearly 1 million OT devices, the report highlights that 68% of these vulnerabilities are linked to ransomware groups. The findings emphasize the growing security risks posed by state-sponsored threat actors, as 12% of organizations analyzed had OT assets communicating with malicious domains from countries like China, Russia, and Iran. The report underscores the need for organizations to shift from traditional vulnerability management to an exposure management approach to proactively reduce risk.

Key Takeaways:

  • Widespread OT Vulnerabilities and Ransomware Links – Of the 111,000 known exploitable vulnerabilities in OT devices, 68% are linked to ransomware groups, posing significant risks to critical industries.
  • Internet-Exposed OT Assets Increase Threat Risks – 40% of organizations analyzed had a subset of vulnerable OT assets insecurely connected to the internet, further escalating the potential for cyberattacks.
  • State-Sponsored Threats Target Critical Sectors – 12% of organizations had OT assets communicating with malicious domains linked to state actors from China, Russia, and Iran, highlighting the rising risks from nation-state threats.

Claroty, a cyber-physical systems (CPS) protection company, released a new report revealing the exposures in operational technology (OT) devices that are most coveted for exploitation by adversaries.

Based on an analysis of almost 1 million OT devices, the “State of CPS Security 2025: OT Exposures” report found over 111,000 known exploitable vulnerabilities in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with more than two-thirds (68%) of those known exploitable vulnerabilities linked to ransomware groups. The report uncovers the riskiest exposures for enterprises amid rising threats to critical sectors.

In the report, Claroty’s research group Team82 examines the challenges industrial organizations face when identifying which known exploitable vulnerabilities in OT devices to prioritize for remediation. It highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams proactively and efficiently minimize risk at scale. 

With offensive activity rising from state-sponsored threat actors, the report details the risk critical sectors face from OT assets communicating with malicious domains, including those from China, Russia, and Iran.

Key Findings:

  • Of the close to 1 million OT devices analyzed, Team82 found that 12% contain known exploitable vulnerabilities, and 40% of the organizations analyzed have a subset of these assets insecurely connected to the internet.
  • 7% of the devices are exposed with known exploitable vulnerabilities that have been linked to known ransomware samples and actors, with 31% of the organizations analyzed having these assets insecurely connected to the internet.
  • 12% of organizations in the research had OT assets communicating with malicious domains, demonstrating that the threat risk to these assets is not theoretical.
  • The manufacturing industry was found to have the highest number of devices with confirmed known exploitable vulnerabilities (over 96,000) with over two-thirds (68%) of them being linked to ransomware groups.
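The prioritization approach Team82 describes (ranking known exploitable vulnerabilities by where they intersect with ransomware linkage, insecure internet connectivity, and observed malicious communication) and the fleet-level figures in the Key Findings above can be expressed as a small script. The following is an added example, not Claroty's code or methodology: the asset records are constructed, and the field names and tier rules are assumptions chosen to illustrate the idea.

```python
"""Exposure-based prioritization of OT assets (added example, not Claroty's code).

The report argues for prioritizing known exploitable vulnerabilities (KEVs) by
where they intersect with active threat vectors: ransomware linkage, insecure
internet connectivity, and observed communication with malicious domains.
The asset records below are constructed; the field names and tier rules are
assumptions for illustration, not the report's methodology.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class OTAsset:
    asset_id: str
    org: str
    sector: str
    has_kev: bool            # carries at least one known exploitable vulnerability
    ransomware_linked: bool  # that KEV has been tied to ransomware samples/actors
    internet_exposed: bool   # insecurely reachable from the internet
    malicious_comms: bool    # observed talking to a known-malicious domain


# Constructed sample inventory (not real devices or organizations).
ASSETS = [
    OTAsset("plc-01", "acme-mfg", "manufacturing", True, True, True, False),
    OTAsset("hmi-02", "acme-mfg", "manufacturing", True, False, False, True),
    OTAsset("rtu-03", "acme-mfg", "manufacturing", False, False, True, False),
    OTAsset("plc-04", "northlog", "logistics", True, True, False, False),
    OTAsset("plc-05", "northlog", "logistics", True, False, True, False),
    OTAsset("ctrl-06", "deepwell", "natural-resources", False, False, False, False),
    OTAsset("ctrl-07", "deepwell", "natural-resources", True, False, False, False),
    OTAsset("gw-08", "deepwell", "natural-resources", False, False, True, True),
]


def exposure_tier(a: OTAsset) -> int:
    """Lower tier number = remediate first. Rules are an assumption for illustration.

    Tier 0: KEV + ransomware-linked + reachable from the internet (or already beaconing)
    Tier 1: KEV + (ransomware-linked or internet-exposed or malicious comms)
    Tier 2: KEV with none of the above, or no KEV but exposed/beaconing
    Tier 3: nothing observed
    """
    if a.has_kev and a.ransomware_linked and (a.internet_exposed or a.malicious_comms):
        return 0
    if a.has_kev and (a.ransomware_linked or a.internet_exposed or a.malicious_comms):
        return 1
    if a.has_kev or a.internet_exposed or a.malicious_comms:
        return 2
    return 3


def prioritize(assets):
    """Return (tier, asset_id) pairs sorted so the most exposed assets come first."""
    return sorted((exposure_tier(a), a.asset_id) for a in assets)


def report_metrics(assets):
    """Recompute the kind of fleet-level figures the report cites.

    Device-level: share of devices with a KEV; share with a ransomware-linked KEV.
    Org-level: share of orgs with at least one KEV asset insecurely internet-exposed;
    share of orgs with any asset communicating with a malicious domain.
    """
    n = len(assets)
    kev = [a for a in assets if a.has_kev]
    ransom = [a for a in kev if a.ransomware_linked]
    orgs = {a.org for a in assets}
    orgs_kev_exposed = {a.org for a in kev if a.internet_exposed}
    orgs_malicious = {a.org for a in assets if a.malicious_comms}
    return {
        "pct_devices_kev": round(100 * len(kev) / n, 1),
        "pct_devices_ransomware_kev": round(100 * len(ransom) / n, 1),
        "pct_orgs_kev_internet_exposed": round(100 * len(orgs_kev_exposed) / len(orgs), 1),
        "pct_orgs_malicious_comms": round(100 * len(orgs_malicious) / len(orgs), 1),
    }


if __name__ == "__main__":
    for tier, asset_id in prioritize(ASSETS):
        print(f"tier {tier}: {asset_id}")
    print(report_metrics(ASSETS))
```

The point of the tiering is the one the report makes: a KEV on a device that is both ransomware-linked and reachable from the internet is a different remediation problem from the same KEV on an isolated device, so the intersection of the signals, not the raw KEV count, should drive the queue. On the constructed inventory, `plc-01` lands alone in tier 0, and the org-level metrics show two of three organizations with an internet-exposed KEV asset.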

“The inherent nature of operational technology creates obstacles to securing these mission-critical technologies,” says Grant Geyer, chief strategy officer at Claroty, in a release. “From embedding offensive capabilities in networks to targeting vulnerabilities in outdated systems, threat actors can take advantage of these exposures to create risks to availability and safety in the real world. As digital transformation continues to drive connectivity to OT assets, these challenges will only proliferate. There is a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy to ensure they can make remediation efforts as impactful as possible.”
