INDUSTRIAL Controllers Still Vulnerable As Conflicts Move to Cyber argues that the US government warns energy companies, water utilities and industrial firms that state‑sponsored adversaries are targeting Internet‑connected OT, while researchers have found a small number of older industrial control systems granting direct access without authentication.
A Masscan‑driven scan of OT using Modbus identified at least 179 devices that allow unauthenticated access, according to researchers at Comparitech, a figure that, while a minority, highlights exposed systems likely being targeted. The piece quotes Jeff Macre of Darktrace noting that Internet‑facing control system components and weak boundaries create direct routes into industrial environments, though IT‑to‑OT pivoting remains the dominant path in many incidents.
It also notes that the US government warned on 7 April that Iran‑linked cyberattackers are targeting PLCs, OT devices in sectors such as water and energy, and references a 2025 Poland attack connected by analysts to Russia‑aligned actors. Dragos’ Liz Martin cautions that internal gaps such as poor segmentation and weak privileged credentials are exploited once attackers breach the front door, with fewer than 10% of OT networks globally having visibility and monitoring in place.
The article underlines that while direct targeting of OT is not merely theoretical, organisations should scan internally and externally to identify vulnerable devices, since external scans alone cannot see devices behind NATs, firewalls or cellular OT links.