Today’s threat landscape in IoT, OT, ICS, and CPS environments continues to evolve rapidly, with adversaries leveraging sophisticated malware, AI-powered cybercrime, and persistent vulnerabilities in critical infrastructure. From destructive wiper attacks targeting energy firms to alarming gaps in microsegmentation adoption, these developments underscore the increasing complexity and urgency of securing operational technology and connected devices against nation-state and criminal actors alike.
Lotus Wiper Malware Targets Venezuelan Energy Firms in Destructive OT Attack
Kaspersky Lab researchers have detailed a destructive malware campaign known as ‘Lotus Wiper’ that struck Venezuelan energy companies in late 2025. Utilizing living-off-the-land techniques, the malware systematically deleted critical data, overwrote physical drives, and disabled recovery options, rendering systems unrecoverable. The attack, believed to have targeted Petróleos de Venezuela SA (PDVSA), reflects a growing trend of nation-state actors deploying cost-effective wiper malware against critical infrastructure after extended reconnaissance. Experts emphasize the need for robust OT/ICS network segmentation and immutable offline backups to mitigate such destructive threats.
Source: Dark Reading
Europol IOCTA 2026: AI-Powered Cybercrime and Ransomware Pose Growing Threat to Critical Infrastructure
The Europol IOCTA 2026 report highlights a shift toward ‘industrialised cybercrime,’ with over 120 active ransomware brands observed in 2025. Hybrid threat actors, including nation-state proxies, increasingly leverage cybercriminal networks to disrupt critical infrastructure through DDoS, intrusions, and ransomware attacks. Notable ransomware groups such as Qilin, Akira, and the DragonForce-LockBit-Qilin alliance are automating exploits and targeting virtualized environments. The report also notes a shift from data encryption to data-theft extortion, and urges law enforcement to enhance AI capabilities and international cooperation to counter these sophisticated threats.
Source: Industrial Cyber
Manufacturing Sector Tops Global Cyberattack Targets as Ransomware Drives 90% of Losses
A Resilience report analyzing nearly five years of cyber insurance claims confirms manufacturing as the most targeted sector worldwide. Although ransomware accounts for only 12% of claims, it drives over 90% of financial losses, with misconfigured multi-factor authentication responsible for approximately 26% of losses. The report projects a doubling of connected IoT devices in manufacturing by 2030, expanding the attack surface significantly. Recommendations include auditing MFA, strengthening vulnerability management for OT systems, enforcing IT/OT segmentation, and securing supply chains to achieve meaningful risk reduction.
Source: Industrial Cyber
CISA Advisory: Gardyn IoT Devices Exposed 134,000 Customer Records via Unauthenticated Cloud API
CISA’s ICS advisory ICSA-26-055-03 reveals critical vulnerabilities in Gardyn’s smart garden IoT devices, including a CVSS 9.3 flaw that exposed over 134,000 customer records through an unauthenticated cloud API. The exposed data included personal information and Azure IoT Hub administrative credentials, presenting a significant risk of large-scale device takeover. The vulnerability persisted for approximately six years without access logging, complicating incident assessment. Gardyn has since deployed automatic patches; the case highlights the ongoing challenges in securing consumer IoT devices and their cloud backends.
Source: CISA ICS Advisory
Survey: 99% of Security Leaders Back Microsegmentation, Yet Over 90% Fail to Protect Critical OT/IoT Systems
A recent Omdia survey commissioned by Elisity exposes a significant gap between microsegmentation intent and implementation among U.S. healthcare and manufacturing cybersecurity leaders. Although 99% are adopting or planning microsegmentation, only 9% protect more than 80% of critical systems, leaving the majority vulnerable to lateral movement attacks. Legacy segmentation methods dominate, and respondents have limited hands-on experience with modern identity-based microsegmentation. OT/IoT environments face unique challenges, including zero-downtime requirements and legacy ICS, which highlight the need for tailored segmentation strategies.
Source: Industrial Cyber
These developments reinforce the imperative for OT and IoT security practitioners to prioritize comprehensive network segmentation, enforce strict access controls, and maintain immutable backups. Continuous monitoring, vulnerability management, and adoption of AI-driven threat detection are critical to counter evolving adversaries. Furthermore, securing cloud integrations and legacy systems remains essential to reducing risk in increasingly connected operational environments.