Claroty, a leading company in the protection of cyber-physical systems (CPS), has released a new report highlighting the vulnerabilities in operational technology (OT) devices that adversaries most seek to exploit. Based on the analysis of nearly one million OT devices, the report "The State of CPS Security 2025: OT Exposures" found more than 111,000 Known Exploitable Vulnerabilities (KEVs) in OT devices across manufacturing, logistics and transportation, and natural resources organizations, with more than two-thirds (68%) of the KEVs linked to ransomware groups. Based on the analysis of nearly one million OT devices, the report reveals the riskiest exposures for companies amid growing threats to critical sectors.
In the report, Claroty's recognized research group Team82 examines the challenges that industrial organizations face in identifying which Known Exploitable Vulnerabilities (KEVs) in OT devices to prioritize for remediation. The research highlights how understanding the intersection of these vulnerabilities with popular threat vectors, such as ransomware and insecure connectivity, can help security teams minimize risk at scale in a proactive and efficient manner. With offensive activity from threat actors increasing, the report details the risk that critical sectors face from OT assets communicating with malicious domains, including those from China, Russia and Iran.
"The inherent nature of operational technology creates barriers to protecting these mission-critical technologies," says Grant Geyer, Director of Strategies at Claroty. "From the incorporation of offensive capabilities in networks to the targeting of vulnerabilities in outdated systems, threat agents can take advantage of these exposures to create risks to availability and security in the real world. As digital transformation continues to drive connectivity for OT assets, these challenges will only proliferate. There is a clear imperative for security and engineering leaders to shift from a traditional vulnerability management program to an exposure management philosophy, with the aim of ensuring that they can make the most impactful and feasible remediation efforts."
Main findings
- Of nearly one million analyzed OT devices, Claroty's Team82 found that 12% contain Known Exploitable Vulnerabilities (KEVs), and 40% of the organizations analyzed have a subset of these assets insecurely connected to the Internet.
- 7% of devices are exposed with KEVs that have been linked to known ransomware samples and actors, with 31% of the analyzed organizations having these assets insecurely connected to the Internet.
- In the research, 12% of organizations had OT assets communicating with malicious domains, demonstrating that the threat to these assets is not theoretical.
- The manufacturing industry had the highest number of devices with confirmed Known Exploitable Vulnerabilities (over 96,000), with more than two-thirds (68%) of them linked to ransomware groups.
To access all of the findings, in-depth analyses and security measures recommended by Claroty's Team82 in response to vulnerability trends, download the report: "The State of CPS Security 2025: OT Exposures".
Methodology
The report "The State of CPS Security 2025: OT Exposures" gives an overall view of vulnerability and exposure trends in OT devices across the manufacturing, logistics and transportation, and natural resources sectors, as observed and analyzed by Team82, Claroty's threat research team, and our data scientists.