Today’s briefing highlights critical developments in the cybersecurity landscape for operational technology (OT), industrial control systems (ICS), internet of things (IoT), and cyber-physical systems (CPS). Key themes include emerging threats leveraging artificial intelligence, the persistence of vulnerabilities in remote access protocols, strategic initiatives for infrastructure resilience, and insights into costly cyber risks facing manufacturing. This selection of news underscores the evolving challenges and responses shaping security in critical infrastructure and industrial environments.
CISA Launches ‘CI Fortify’ to Enhance Critical Infrastructure Resilience Against Cyber Disruptions
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced the ‘CI Fortify’ program aimed at bolstering the resilience of America’s critical infrastructure amid disruptive cyber threats. This initiative provides strategic guidance for operators to maintain essential services during crises, emphasizing isolation from third-party networks and robust recovery planning. CISA advises assuming unreliable external connectivity and partial OT network compromise in conflict scenarios, prioritizing proactive disconnection and restoration capabilities to limit operational impact.
Source: Industrial Cyber
Millions of Internet-Exposed RDP and VNC Servers Heighten Risks to Industrial and Critical Systems
A recent report from Forescout Vedere Labs reveals that millions of Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) servers remain publicly reachable on the internet, many of them tied to operational and industrial environments. Numerous systems run outdated or unsupported software exposed to critical vulnerabilities such as BlueKeep, and weak or absent authentication is common among the VNC servers. This exposure facilitates targeted attacks by a range of threat actors, including hacktivists and automated botnets, and exacerbates risks to the utilities, manufacturing, and healthcare sectors.
Source: Petri.com
Artificial Intelligence Powers Advanced Persistent Threats in OT and IoT Environments
Nozomi Networks Labs highlights the growing integration of artificial intelligence (AI) in sophisticated cyberattacks targeting OT and IoT ecosystems. AI accelerates malware development, enabling dynamic script rewriting and automated operational decision-making. Threat groups such as APT36 and Konni employ AI-generated code, while destructive tools like LazyWiper demonstrate AI-driven payloads. Additionally, AI frameworks automate reconnaissance and credential exploitation, marking a significant evolution in attacker capabilities against critical infrastructure.
Source: Nozomi Networks Labs
Emerging Malware Threats Breach Air-Gapped Networks and Disrupt Supply Chains
Barracuda Networks reports on multiple advanced malware campaigns threatening OT and critical infrastructure. The North Korea-linked APT37 utilizes the Ruby Jumper toolkit to exfiltrate data from air-gapped environments via USB devices and cloud storage. Meanwhile, FAUX#ELEVATE malware spreads cryptominers through fraudulent job applications. The CanisterWorm supply-chain malware propagates via package registries and CI/CD pipelines, exploiting trusted software workflows and isolation assumptions to compromise operational environments.
Source: Barracuda Networks Blog
MFA Misconfiguration Emerges as Leading Cause of Manufacturing Cybersecurity Losses
Analysis from Resilience underscores that misconfigured multi-factor authentication (MFA) is the costliest cybersecurity failure in manufacturing, accounting for 26% of incurred losses despite representing fewer claims than other issues. Ransomware remains the predominant threat, responsible for 90% of losses, with the BlackCat group’s attacks notably facilitated by MFA errors. The manufacturing sector continues to face increasing exposure, now the most targeted industry globally, compounded by a 40% rise in internet-exposed ICS devices from 2024 to 2025.
Source: Risk & Insurance