Critical Infrastructure Under Cyberattack | Latest Threats

The security landscape for cyber-physical systems (CPS) is changing rapidly.

According to Claroty's current report “Analyzing CPS Attack Trends”, opportunistic hackers are increasingly turning their attention to these systems, which were previously affected primarily by targeted, sophisticated attacks. The analysis covers more than 200 attacks by over 20 hacker groups in 2025.

One striking finding: in 82 percent of attacks, VNC protocol clients were used to remotely access exposed, internet-connected systems. Two-thirds of the incidents involved human-machine interfaces (HMI) or SCADA systems that monitor and control industrial processes. A successful attack can have massive consequences, from production downtime to damage to systems and danger to employees and the environment.

“We primarily see opportunistic drive-by attacks that use relatively simple technical means to hit critical sectors. The potential consequences are significant and sometimes dangerous,” comments Thorsten Eckert, Regional Vice President Sales Central at Claroty.

Geopolitical influences shape the attacks

The investigation makes it clear that many attacks are politically motivated and can be attributed to state-backed groups:

  • 81 percent of attacks by Iranian groups targeted facilities in the United States and Israel.
  • 71 percent of Russian attacks targeted companies in the European Union, particularly Italy (18%), France (11%) and Spain (9%).

The results highlight the increasing vulnerability of critical infrastructures such as energy supply, water and waste management and healthcare.

Recommendations for action for companies

Claroty recommends significantly strengthening security measures for CPS. Essential steps include:

  1. Protect connected devices: Operational technology (OT) systems, smart devices and connected medical devices (IoMT) should be carefully configured and protected from unauthorized access.
  2. Fix unsafe default configurations: Weak or default passwords and insecure defaults must be proactively changed before devices are connected to the Internet.
  3. Use secure communication protocols: Many attacks used insecure protocols such as VNC or Modbus, which do not provide encryption or authentication. Companies should move to secure protocols and prioritize their most critical resources.
  4. Understand threat actors: Analyzing the tactics and goals of politically motivated groups helps to predict potential attack targets and to implement protective measures in a targeted manner.

The report shows that CPS are increasingly being targeted by opportunistic hackers, with many attacks being technically simple but potentially high risk. Consistent cyber hygiene, secure configurations and knowledge of threat actors are crucial to making critical systems resilient to attacks.
