In light of increasing attacks on IoT and OT devices and connected infrastructures, Zero Trust is coming into focus as a permanent approach to greater resilience.
Given the rise in attacks on IoT and OT devices, Zero Trust security is an approach that many companies should adopt.
The growing threat landscape for IoT and OT devices remains a central topic in the cybersecurity debate. With an alarming 45 percent increase in IoT malware, according to the Zscaler Threatlabz 2024 Mobile, IoT & OT Threat Report, alongside numerous successful attacks, it becomes clear that these devices continue to serve as a preferred entry point into corporate environments for cybercriminals. A single compromised IoT device can jeopardize an entire corporate network – a fact exacerbated by the lack of integrated security mechanisms in IoT hardware.
But the challenges extend beyond IoT: the increasing convergence of IT and OT infrastructures amplifies the risk. These systems still often rely on outdated devices and software and are associated with long lifecycles. More than 50 percent of OT devices run on obsolete operating systems that have reached the end of their lifecycle and typically contain known vulnerabilities. Furthermore, risky legacy protocols and services often account for more than 20 percent of internal East-West network connections. The inadequate ability to patch critical assets and the growing use of cloud services make OT environments an attractive target for threat actors.
Ransomware and Targeted Attacks on Critical Infrastructures
Ransomware remains one of the biggest threats to IoT and OT. The manufacturing sector, identified as particularly vulnerable for the second consecutive year, is a primary target for such attacks. The reliance of this industry on connected OT environments provides attackers with numerous entry points. Data centers are also increasingly coming into focus, as their classification as critical infrastructure in the UK, and potentially soon in Europe, creates new threat scenarios. The growing use of service provider infrastructures by companies heightens this risk: attacks on data centers can have far-reaching effects along the entire service chain and significantly impede productivity.
The manufacturing sector accounted for 36 percent of all observed IoT malware attacks for the second consecutive year. Over 75 percent of blocked IoT transactions were linked to the Mirai malware family. Meanwhile, around 50 percent of all malicious payloads originated from the Mirai and Gafgyt malware families. Other malware families active in this environment include Mozi (12.8%), VPNFilter (5.6%), and Agent (3.5%). Of all analyzed attacks, 2.7 percent targeted IoT and OT infrastructures in Germany, and 1.6 percent targeted those in Switzerland.
Not surprisingly, the manufacturing and transportation sectors are the primary focus of cybercriminals, with over 50 percent of their attacks targeting these two industries. Regarding the devices in focus, it is unsurprising that the majority of compromised IoT devices are routers. In other industries, the most vulnerable IoT devices are data collection terminals (79.8%), which are predominantly used in retail.
Nearly 75 percent of exploited Common Weakness Enumerations (CWEs) were related to command injection vulnerabilities, which allow attackers to execute unauthorized commands, often leading to the download and installation of so-called stager scripts or malicious binaries. Improper input validation ranks second with only 10.5 percent.
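The two CWE classes named above, command injection and improper input validation, usually appear together in the same place in IoT firmware: a web handler that splices a request parameter into a shell command. The following is an added example, not code from the report, showing that pattern next to a hardened version; it assumes a "ping a host" diagnostic handler and that /bin/ping exists on the device.

```c
// Added example: an IoT-style "ping <host>" diagnostic handler,
// first in the injectable form, then hardened.
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Command-injection pattern: the request value becomes part of a
 * shell command line. A value such as "127.0.0.1; sh /tmp/x" is not
 * a hostname to the shell but a second command, run with the web
 * server's privileges (on many devices: root). */
int ping_unsafe(const char *host) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return system(cmd);
}

/* Input validation by allowlist: hostnames and IPv4 literals only
 * contain [A-Za-z0-9.-], are at most 253 bytes, and must not start
 * with '-' (otherwise the value is parsed as a ping option). */
bool valid_host(const char *host) {
    size_t n = strlen(host);
    if (n == 0 || n > 253 || host[0] == '-') return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return false;
    }
    return true;
}

/* Hardened handler: validate first, then exec the binary directly
 * with an argv vector so no shell ever interprets the value.
 * Returns -1 on rejection, otherwise ping's wait status. */
int ping_safe(const char *host) {
    if (!valid_host(host)) return -1;   /* reject before any exec */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/ping", "ping", "-c", "1", host, (char *)NULL);
        _exit(127);                      /* exec failed in the child */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return status;
}
```

Metacharacter blocklists are the usual failed fix here; the allowlist plus argv-style exec removes the shell from the path entirely, which is what closes both CWE classes at once.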
AI Is Used for Both Attack and Defense
Networks of critical infrastructure operators, such as in the manufacturing, healthcare, transportation, and energy sectors, have always been difficult to secure. Due to the many unprotected identities and OT/IoT endpoints, these industries remain a primary target for cyberattacks. This threat is not limited to initial compromises by threat actors but extends to their ability to move laterally through OT and connected IT networks before embedding ransomware and preparing malicious payloads.
AI tools will further transform management in IoT and OT security. AI will assist defenders in automating critical functions such as detecting IoT and OT assets in complex environments and enabling IoT/OT segmentation and control on a large scale. Moreover, AI can help align IoT/OT security policies more effectively with real-time risks. This will allow defenders to regain control over their IoT and OT environments and better prioritize their actions to achieve greater security.
The following tips are intended to provide security teams with suggestions for improving IoT and OT security:
Discover, classify, and inventory all IoT and OT devices. A comprehensive understanding of the IoT and OT attack surface is required, encompassing the detection, classification, and inventorying of both managed and unmanaged or "shadow" devices. This enables defenders to better understand and counter IoT/OT threats while prioritizing remediation efforts.
Collect and monitor network logs for user access, application, and system events. Network logs should be continuously monitored and analyzed for key indicators, especially given that threat actors like Volt Typhoon can have significant dwell time within enterprise systems.
Phishing-resistant multi-factor authentication (MFA) must be enabled wherever possible. Default passwords should be changed, and administrative credentials must be protected.
Critical vulnerabilities and internet-connected systems should be patched. Unpatched systems connected to the internet are the most vulnerable to threat actors. Automatic updates must be enabled, and IoT and OT assets should be patched quickly to minimize the risk of new vulnerabilities. AI-powered threat intelligence platforms can assist in prioritizing and effectively managing security patches.
A Zero Trust device segmentation for IoT and OT helps restrict access. Segmentation from device to application, user to application, and application to application should be implemented, and access should be restricted through least privileged access controls to prevent lateral movements and minimize data exposure.
Privileged remote access to OT systems may be allowed. However, given the convergence of OT systems with traditional IT networks and services, it is crucial to secure third-party access and remote access to OT systems. Security teams should utilize trusted, outbound-only connectivity that employs fully isolated RDP and SSH sessions between users and the OT system.
Encrypted data traffic should be continuously and comprehensively inspected to prevent attackers from compromising systems.
The analysis of last year's threat landscape shows that the IT security of IoT and OT, data centers, and supply chains should not play a subordinate role. Companies must adopt integrated approaches that include both advanced technological concepts like Zero Trust and training for their employees. At the same time, it remains crucial for service providers to optimize their security measures and response times to meet the growing demands of increased connectivity between IT and OT. In a connected world, the ability to react quickly and effectively to threats is key to resilience.
Date: 08.12.2025