OT Protocol Attacks Surge 84%, Highlighting Cybersecurity Weakness in Industrial Networks
Event summary
- Forescout’s 2025 Threat Roundup report analyzed over 900 million attacks globally between January and December 2025.
- Cyberattacks targeting Operational Technology (OT) protocols increased by 84%, with Modbus, Ethernet/IP, and BACnet being the most exploited.
- Attack infrastructure increasingly leverages cloud services like Amazon and Google, accounting for over 15% of observed attacks.
- Reconnaissance activity post-exploitation rose dramatically to 91%, indicating attackers are prioritizing network mapping and target identification.
The big picture
Forescout's report underscores a growing trend of cybercriminals exploiting rapidly evolving technologies and infrastructure, particularly within operational technology environments. The increased reliance on cloud services and the proliferation of IoT devices are expanding the attack surface, while the focus on reconnaissance highlights a shift towards more sophisticated and targeted attacks. This trend necessitates a proactive and holistic approach to cybersecurity, encompassing asset visibility, risk assessment, and dynamic control across all network environments.
What we're watching
- OT Security
- The rapid increase in OT protocol attacks suggests a significant and widening security gap in industrial environments, requiring immediate and focused remediation efforts.
- AI Risk
- The exploitation of AI development platforms like Langflow demonstrates that the rapid adoption of AI technologies introduces new and previously unforeseen attack vectors.
- Reconnaissance
- The shift towards extensive reconnaissance activity by attackers implies a heightened risk of data exfiltration and lateral movement, demanding enhanced detection capabilities and network segmentation.
Related topics