CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 16, 2026

News brief: Critical infrastructure, OT cybersecurity attacks - TechTarget

TechTarget Archived May 16, 2026 ✓ Full text saved

News brief: Critical infrastructure, OT cybersecurity attacks TechTarget

Full text archived locally
✦ AI Summary · Claude Sonnet


    PUTILOV_DENIS - STOCK.ADOBE.COM PUTILOV_DENIS - STOCK.ADOBE.COM By Staff report Published: 01 May 2026 The Stuxnet worm is widely recognized as the first confirmed cyberattack designed to damage critical infrastructure. Discovered in 2010 but used as early as 2009, it targeted uranium enrichment systems at Iran's Natanz Nuclear Facility, causing physical destruction of centrifuges. Fast-forward to the post-IT/OT convergence boom of the mid- to late-2010s, and attacks on operational technology and critical infrastructure have become significantly more widespread and impactful, driven by increased connectivity between IT and OT environments that has expanded the attack surface and enabled attackers to infiltrate industrial systems through enterprise IT networks. TXOne Networks, a cybersecurity company, reported that 96% of OT incidents in 2025 could be traced back to IT system compromises. Forescout, meanwhile, found that attacks on OT protocols increased by 84% in 2025 over the previous year, led by Modbus (57% of attacks) and Ethernet/IP (22%). Dragos reported a nearly 95% increase in the number of ransomware attacks in the same time frame, as well as a 49% increase in the number of ransomware gangs targeting industrial organizations. Industrial and OT systems were targets before they were connected to the internet, and IT/OT convergence -- despite its benefits -- is making such systems systematically more accessible, visible and valuable for attackers. This week's featured news highlights the latest OT and critical infrastructure attacks and trends, as well as why the government is touting zero trust as a solution to the problem. Lotus Wiper: Destructive cyberattack targets Venezuelan energy sector In December 2025, Venezuela's energy sector suffered a sophisticated cyberattack using Lotus Wiper malware, which employed living-off-the-land techniques to destroy system data and disrupt operations. The attack, analyzed by Kaspersky Lab, used batch scripts to coordinate network infiltration, disable defenses and delete critical files, leaving systems unrecoverable. Experts noted this reflects a growing trend of nation-state actors using wiper malware as an effective cyber weapon against critical infrastructure, emphasizing the need for network segmentation and immutable backups to counter such threats. Read the full article by Robert Lemos on Dark Reading. Manufacturing remains most targeted by cyberattacks The manufacturing sector accounted for one in four cyberattacks in 2025, yet remains inadequately prepared to address cyberthreats, according to cybersecurity insurer Resilience. Ransomware attacks on manufacturers surged 61% compared to 46% across all sectors, driven by low downtime tolerance and tight security budgets. Between March 2021 and February 2026, ransomware caused 90% of sector losses despite representing only 12% of claims by Resilience clients. Read the full article by Eric Geller on Cybersecurity Dive. Critical infrastructure vendor Itron discloses network breach Itron, a major supplier of smart meter devices for energy and water utilities, disclosed a cyberattack on its computer networks discovered April 13. The Liberty Lake, Washington-based company, which serves over 7,700 utility providers across 100 countries, stated it remediated the unauthorized activity and detected no subsequent intrusions or customer data access. Itron's devices are widely deployed in electric, gas and water sectors, and the company partners on smart city projects controlling energy infrastructure. According to its Securities and Exchange Commission filing, operations were not disrupted, insurance will cover significant incident costs and the breach is not expected to materially impact the company. Read the full article by Eric Geller on Cybersecurity Dive. Iran escalates cyber capabilities against U.S. critical infrastructure Since the U.S.-Iran conflict began in February, Iranian-backed cyberthreat groups have evolved toward more destructive attacks, according to security researchers. Iran-linked actors increasingly deploy data-wiping malware, target critical infrastructure and exploit vulnerabilities in programmable logic controllers and Rockwell Automation devices. Notable incidents include a March wiper attack on medical device maker Stryker and threats to Israeli water systems. CISA warned that poorly secured, internet-accessible infrastructure remains vulnerable. Experts recommended removing internet-facing devices, enabling MFA and hardening admin accounts. Read the full article by David Jones on Cybersecurity Dive. DC power regulators emerge as hidden cyberattack vector Direct current power regulators, which stabilize voltage for devices across critical infrastructure, represent an overlooked attack surface, Andy Davis, research director at NCC Group, warned. Operating below the OS level, these increasingly sophisticated, firmware-driven components can hide malicious activity outside traditional security monitoring. Attackers exploiting vulnerabilities in programmable regulators could trigger DoS attacks, cause hardware damage or compromise safety-critical systems such as connected vehicles. Davis said that these incidents could fly under the radar as random equipment failures. Experts recommend treating power regulation as part of security architecture, implementing network segmentation, monitoring, cryptographic signing and secure boot mechanisms to defend against this emerging threat as power systems grow more complex. Read the full article by Arielle Waldman on Dark Reading. U.S. agencies issue zero-trust guidance for critical infrastructure OT systems U.S. government agencies, including CISA, the FBI and the Departments of Defense, Energy and State, released guidance Wednesday on applying zero-trust principles to OT environments. The document addresses unique OT challenges -- legacy systems, availability requirements and physical safety constraints -- that complicate traditional security approaches. Recommendations include establishing governance frameworks, supply chain oversight using software bills of materials, network segmentation, identity management and layered compensating controls where ideal access restrictions aren't operationally feasible. The guidance emphasizes cross-team collaboration among IT, OT and cybersecurity personnel, warning that technology alone is insufficient. Read the full article by Eric Geller on Cybersecurity Dive. More on OT and critical infrastructure security Key OT security best practices Top OT threats and security challenges How to ensure OT secure remote access and prevent attacks What CISOs need to know to build an OT cybersecurity program SBOM formats explained: Guide for enterprises How to create an SBOM: Example and free template How to implement zero trust: Expert steps Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing. Sharon Shea is executive editor of TechTarget Security. Next Steps News brief: Security worries and warnings as AI use expands Related Resources Offense Informs Defense: Google's Proactive Security with Threat Modeling, Red ... –Replay From Code to Culture: What the Data Tells Us About the State of Application ... –Black Duck Elexon uses Recorded Future to identify unknown threats and strengthen cyber ... –Recorded Future 7 cybersecurity trends for 2026 –SHI International Dig Deeper on Threats and vulnerabilities Cyberattack continues to disrupt operations at Signature Healthcare By: Jill Hughes News brief: Nation-state hackers active on the global stage By: Staff report News brief: 6 Microsoft zero days and a warning from CISA By: Staff report 10 cybersecurity trends to watch in 2026 By: Mary Pratt
    💬 Team Notes
    Article Info
    Source
    TechTarget
    Category
    ◇ Industry News & Leadership
    Published
    May 16, 2026
    Archived
    May 16, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗