Connect with us

Hi, what are you looking for?



OT Maintenance Is Primary Source of OT Security Incidents: Report

A new ICS security report from TXOne Networks says many OT security incidents involved ransomware and vulnerability exploitation. 

A recent report from TXOne Networks, a Taiwan-based cybersecurity firm focusing on operational technology (OT), looks at OT security incidents and their sources, as well as the preparedness of organizations against attacks. 

The report is based on a combination of data from a survey of over 400 CIOs conducted in September 2023 by Frost & Sullivan, and data collected by TXOne itself from more than 500 incidents that occurred last year in North America, Europe and the APAC region. The survey respondents represented organizations in the United States, Germany, Japan and the United Arab Emirates (UAE), with roughly 100 respondents from each country. 

The survey found that 46% of organizations had dealt with an OT security incident in the previous 12 months. Of these incidents, 47% involved ransomware — the percentage was higher in the US and UAE, exceeding 50%, and the lowest was in Germany.

TXOne last year tracked 317 ransomware attacks in North America and 124 in Europe against companies that have OT systems. The government facilities, manufacturing and healthcare sectors were the most targeted. While these attacks were mainly aimed at IT systems, OT environments were also affected in 97% of cases. 

The top three types of OT security incidents reported by respondents also included exploitation of vulnerabilities and malware infiltration. 

In the case of vulnerability exploitation, TXOne told SecurityWeek that organizations with OT systems are often aware of flaws being exploited in their environments, but they are unable to address the problem.

“Some legacy systems are no longer in their warranty periods; however, for technical or business concerns, those assets cannot be updated with the latest operating systems. For example, the existing apps on those assets often will not have any compatible versions with the latest, safer operating systems,” the cybersecurity firm explained. 

While industrial organizations are often targeted in ransomware attacks, the survey showed that 76% are very or extremely concerned by attacks launched by state-sponsored threat actors. One perfect example are the recent US water sector hacks attributed to threat actors affiliated with the Iranian government. 

When asked about the source of OT security incidents, the survey respondents most often named OT maintenance (52%). 

Advertisement. Scroll to continue reading.

OT maintenance, TXOne clarified, includes updating software or firmware on assets, installing new applications, and reconfiguring settings. These activities can be done in-house by engineers or through third-party maintenance. 

“A typical situation is when an asset goes into maintenance and it’s disconnected from other services, maintenance staff would install/copy something from that asset. That’s the point that the malware can enter the system, mostly through removable storage media,” the cybersecurity firm told SecurityWeek

The report also looks into IT-OT convergence risks, cybersecurity complexity and maturity, OT/ICS cybersecurity management and investment, compliance, and regulations. The full report is available in PDF format on TXOne’s website. 

Related: Ransomware Attacks on Industrial Orgs Increasingly Impact OT Systems: Survey

Related: Weapons Systems Provide Valuable Lessons for ICS/OT Security

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.


Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...


Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...