Claroty, a leading provider of cyber-physical system (CPS) protection, has released a new report revealing the targets most coveted by adversaries for exploitation in operational technology (OT) devices. Based on the analysis of nearly one million OT devices, the report, "The State of CPS Security 2025: OT Exposures," found over 111,000 known exploitable vulnerabilities (KEVs) in OT devices at organizations in the manufacturing, logistics and transportation, and natural resources sectors, with over two-thirds (68%) of the KEVs linked to ransomware groups. The report reveals the riskiest exposures for businesses amid growing threats to critical sectors.
In the report, Claroty's renowned research group Team82 examines the challenges industrial organizations face in identifying and prioritizing known exploitable vulnerabilities (KEVs) in OT devices for remediation. The research highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams proactively and efficiently minimize risks at scale. With offensive activity by threat actors increasing, the report details the risk critical sectors face from OT assets communicating with malicious domains, including those of China, Russia, and Iran.
"The inherent nature of operational technology creates obstacles to protecting these mission-critical technologies," says Grant Geyer, Chief Strategy Officer at Claroty. "From incorporating offensive capabilities into networks to targeting vulnerabilities in outdated systems, threat actors can leverage these exposures to create real-world risks to availability and security. As digital transformation continues to drive connectivity for OT assets, these challenges will only proliferate. There's a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy, with the aim of ensuring they can prioritize the most impactful and possible remediation efforts."
Key findings:
- Of the nearly one million OT devices analyzed, Claroty's Team82 found that 12% contain Known Exploitable Vulnerabilities (KEVs), and 40% of the organizations analyzed have a subset of these assets insecurely connected to the internet.
- 7% of devices had exposed KEVs linked to known ransomware samples and actors, with 31% of the organizations analyzed having these assets insecurely connected to the internet.
- In the research, 12% of organizations had OT assets communicating with malicious domains, demonstrating that the threat risk to these assets is not theoretical.
- The manufacturing industry was found to have the highest number of devices with confirmed Known Exploitable Vulnerabilities (more than 96,000), with over two-thirds (68%) of them linked to ransomware groups.
To access all the findings, in-depth analyses, and recommended security measures from Claroty's Team82 in response to vulnerability trends, download the report: "State of CPS Security 2025: OT Exposures"
Methodology
The report "State of CPS Security 2025: OT Exposures" provides an overview of OT device vulnerability and exposure trends in the manufacturing, logistics and transportation, and natural resources sectors, as observed and analyzed by Team82, Claroty's threat research team, and our data scientists.