Wipers, Dam Spill Highlight Escalating OT Threats in 2026
TechCrunch’s midyear review highlights a sharp escalation in OT incidents. Russia-attributed actors reportedly deployed wiper malware against Poland’s grid, hit a Swedish thermal plant, and triggered a water spill at a Norwegian dam. Poland’s water treatment facilities were breached again in May, while Iran-linked Handala wiped tens of thousands of Stryker employee devices in March, impacting Q1 results. Investigators also warn Iranian groups are actively probing privately owned U.S. water utilities, and a Klue supply-chain breach exposed cloud credentials for roughly 200 firms, including Jamf, HackerOne, and LastPass.
Source: TechCrunch
Kaspersky: Nearly One in Five ICS Computers Attacked in Q1
In Q1 2026, Kaspersky ICS CERT blocked malicious objects on 19.6% of ICS computers worldwide, spanning 10,052 malware families. Attacks on manufacturing surged across Europe and Asia, with Southeast Asia leading at 23.21% of systems affected. The firm notes ransomware inflicted over $18 billion in potential losses on manufacturing in the first three quarters of 2025. Persistent legacy OT and sprawling supply chains widen exposure, and Kaspersky’s ICS CERT head warned: “Attackers are realising that targeting OT assets of an industrial enterprise is not rocket science.”
Source: ITWeb
Latin America Emerges as Second-Most Exposed ICS Region
Kaspersky data puts Latin America as the second most exposed region, with 20.4% of ICS computers encountering malicious objects. Email-borne threats hit 5.30% of industrial machines—1.9 times the global average—with Mexico leading regional email exposure at 9.51%. Phishing and malicious documents remain the primary ingress to OT networks, while Panama saw 18.24% of ICS systems affected by credential-theft campaigns tied to attacks on WordPress-based government sites. Biometric systems (27.1%), building automation (22.4%), and electric power (19%) were the most targeted ICS subsectors.
Source: Mexico Business News
Dragos Unveils EmberAI, An OT-Native Intelligence Engine
Dragos introduced EmberAI, an OT-native AI built on its Intelligence Fabric, which aggregates more than 5 petabytes of daily OT telemetry. The system spans 600+ OT protocols and incorporates over a decade of tracking named OT adversary groups. EmberAI prioritizes threats by operational impact, keeps customer data on-premises, and aims to bridge the OT skills gap for IT staff and plant engineers. Citing Gartner guidance, Dragos positions CPS-specific intelligence engines as preferable to cloud-scale general models for sensitive OT data.
Source: TechIntelPro
TXOne Pushes Beyond Scores With Actionable OT Risk Program
TXOne Networks launched “A Score Is Not a Plan,” an initiative to help operators translate vulnerability findings into production-safe risk reduction. Many industrial organizations surface hundreds or thousands of issues yet lack a method to sequence fixes without disrupting operations. The program debuts as a three-part webinar series starting July 9, 2026. Its core message: severity scores alone are insufficient; operational context must drive remediation.
Source: PR Newswire