
Threats to ICS systems in 2025

What to expect and how to defend yourself

Table of contents

  • Industrial IoT growth and new attack surfaces
  • Ransomware-as-a-Service in ICS systems
  • OT supply chain targeted by attacks
  • Targeted attacks on PLCs and SCADA systems
  • Advanced Persistent Threats (APT) in Industrial Sectors
  • IT/OT convergence and contamination risks
  • Defense Strategies for 2025

Industrial control systems (ICS) security faces a new wave of increasingly sophisticated and persistent threats.

With the expansion of the Industrial Internet of Things, the adoption of OT technologies integrated into IT networks, and the growth of Ransomware-as-a-Service, critical infrastructure is increasingly exposed to targeted cyber attacks.

In this article, we take an in-depth look at the main threats to ICS (industrial control systems) expected in 2025, the most exploited vulnerabilities, and the security solutions to adopt to protect industrial sectors and ensure business continuity.

Industrial IoT growth and new attack surfaces

The rise of the Industrial Internet of Things (IIoT) has revolutionized the way industrial companies collect and analyze data in real time. However, every connected sensor, actuator, or microcontroller represents a potential entry point for cybercriminals.

Many IoT devices are not designed with advanced cyber security criteria, and often do not receive regular updates, leaving them vulnerable to remote exploits or ICS network compromises.

Example
Wirelessly connected industrial scanners were compromised via Wi-Fi spoofing attacks: attackers were able to gain access to the internal IT network and spread laterally towards OT systems.

Ransomware-as-a-Service in ICS systems

The Ransomware-as-a-Service (RaaS) model, which allows less sophisticated criminal groups to rent ready-made ransomware, has also spread to the OT domain.

Ransomware attacks against Industrial Control Systems are particularly damaging because they can disrupt production lines, damage machinery, and cause significant supply chain impacts.

In 2025, according to the Yarix Report, the majority of ICS ransomware infections are being delivered through compromised credentials or manipulated software updates. Systems such as SCADA (Supervisory Control and Data Acquisition) and programmable logic controllers (PLCs) were the preferred targets because they are rarely isolated and rarely have strong authentication.

Example
A ransomware attack on a municipal water plant blocked the industrial control system for over 72 hours, forcing the facility to resort to manual procedures and causing significant economic losses.

OT supply chain targeted by attacks

ICS security threats are moving upstream, targeting OT software and hardware vendors. Supply chain attacks rely on malware being injected directly into third-party code libraries or device firmware.

OT system monitoring software. Companies that use compromised components in the supply chain are unknowingly finding themselves with an active backdoor at the heart of their SCADA system.

The SolarWinds and Kaseya attacks of previous years are now the model from which many new attacks take inspiration, but adapted for the industrial environment.

Targeted attacks on PLCs and SCADA systems

Programmable logic controllers (PLCs) and SCADA systems are still among the most frequently attacked targets today. The reasons vary: they are often legacy systems that are not updated, are poorly segmented from the corporate network, and rely on obsolete protocols such as Modbus/TCP or DNP3, without encryption.

A recent attack, called “ShadowPLC,” showed how it is possible to modify the behavior of PLCs without altering the files visible to operators. This type of silent attack can sabotage a production line without being detected by standard controls.

Advanced Persistent Threats (APT) in Industrial Sectors

In 2025, there is an increase in APTs (Advanced Persistent Threats) targeting strategic industrial sectors such as energy, manufacturing and transportation. These campaigns are often sponsored by nation-states and aim to gain sustained access to ICS systems for espionage or sabotage purposes.

A case in point is the “VoltStorm” APT campaign discovered in a European refinery, which for months maintained invisible access to the industrial network through exploits in HMI (Human-Machine Interface) devices.

IT/OT convergence and contamination risks

The growing convergence of IT and OT networks has increased the exposure of ICS networks. Malware originating from IT environments, such as Emotet or Trickbot, can easily propagate to production systems if network segmentation is not rigorous.

ICS networks must be isolated, segmented, monitored with IDS/IPS tools and have an updated asset inventory. Any connection between IT and OT can be a vector of infection if not properly protected.
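One way to check segmentation and inventory coverage from existing flow records, as an added example that is not part of the original article: it flags direct IT-to-OT connections, flows that bypass the approved conduits, and OT addresses missing from the asset inventory. The zone ranges, permitted ports, inventory and flow records are hypothetical values constructed for illustration.

```python
import ipaddress

# Hypothetical zone plan; replace with the site's real addressing.
ZONES = {
    "IT": ipaddress.ip_network("192.168.0.0/16"),
    "DMZ": ipaddress.ip_network("172.16.10.0/24"),
    "OT": ipaddress.ip_network("10.10.0.0/16"),
}
# Approved conduits: (source zone, destination zone) -> permitted ports.
CONDUITS = {
    ("IT", "DMZ"): {443},    # IT clients reach the DMZ data mirror
    ("OT", "DMZ"): {443},    # OT pushes process data outwards
    ("DMZ", "OT"): {4840},   # OPC UA from the DMZ broker into OT
}
OT_INVENTORY = {"10.10.2.20", "10.10.2.21"}  # constructed asset list

def zone_of(addr):
    """Map an address to its zone name, or EXTERNAL if it matches none."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "EXTERNAL"

def audit_flows(flows):
    """Return (kind, detail) findings for each policy violation."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        for addr, zone in ((src, sz), (dst, dz)):
            if zone == "OT" and addr not in OT_INVENTORY:
                findings.append(("unknown-ot-asset", addr))
        if sz == dz:
            continue  # intra-zone traffic is out of scope for this check
        if port not in CONDUITS.get((sz, dz), set()):
            kind = "it-ot-direct" if {sz, dz} == {"IT", "OT"} else "unapproved-conduit"
            findings.append((kind, f"{src}->{dst}:{port}"))
    return findings

FLOWS = [  # constructed flow records: (src, dst, dst_port)
    ("192.168.50.9", "172.16.10.5", 443),
    ("172.16.10.5", "10.10.2.20", 4840),
    ("192.168.50.9", "10.10.2.20", 502),
    ("10.10.2.77", "10.10.2.21", 502),
    ("10.10.2.21", "203.0.113.10", 53),
]

if __name__ == "__main__":
    for finding in audit_flows(FLOWS):
        print(finding)
```
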

Defense Strategies for 2025

Addressing these threats to ICS systems requires a multi-layered approach:

  • OT Network Segmentation
    Isolate industrial components from corporate IT networks, using firewalls, VLANs and demilitarized zones (DMZs).
  • Constant device updates
    Include embedded devices and PLC firmware in patch management processes.
  • Continuous Monitoring and Threat Detection
    Use supervisory control and data acquisition tools that integrate behavioral detection systems.
  • Supply Chain Security
    Evaluate supplier security and require periodic audits of code, security practices, and hardware documentation.
  • Backup and disaster recovery
    Always have a tested, offline recovery plan, especially useful in the event of ransomware.
  • Staff training
    Invest in awareness training for OT operators and ICS engineers, who are often less involved in corporate cyber hygiene programs.
  • Standards adoption
    Implement frameworks such as IEC 62443 and NIST SP 800-82 specific to Industrial Control Systems.

To conclude

2025 will be a critical year for ICS security. Critical infrastructures must face increasingly sophisticated and targeted cyber threats, which exploit the large attack surface introduced by IoT, IT/OT convergence and globalized supply chains.

Only by adopting a proactive approach, based on specific security solutions and multi-layered defense strategies, will it be possible to effectively protect industrial control systems from potentially devastating compromises.


Questions and answers

  1. What are ICS systems?
    Industrial control systems (ICS) are the set of technologies used to monitor and control industrial processes in sectors such as energy, transportation and manufacturing.
  2. What are the top ICS threats in 2025?
    Ransomware-as-a-Service, OT supply chain attacks, IoT device compromise, industrial APTs.
  3. Why are PLCs critical targets?
    Because they are often vulnerable, lack strong authentication, and are directly connected to production lines.
  4. What is an OT supply chain attack?
    An attack that compromises third-party software or hardware, infecting ICS systems as they are being installed.
  5. How to protect ICS networks from ransomware?
    Segmentation, offline backup, frequent updates, and behavioral detection tools.
  6. What role does IT/OT convergence play in ICS threats?
    It increases the exposure of the ICS network to cyber threats originating from the corporate IT network.
  7. Are there any security standards for ICS?
    Yes, such as IEC 62443 and NIST SP 800-82, which are specifically designed for OT environments.
  8. Which industrial sectors are most at risk?
    Energy, transportation, chemicals, manufacturing and water management.
  9. Can ICS attacks cause physical damage?
    Yes, in many cases an attack on a PLC or SCADA system can damage machinery or compromise security.
  10. Is it possible to monitor industrial IoT devices?
    Yes, but it is necessary to use specific visibility tools for embedded devices and industrial networks.