OT Vulnerabilities on the Rise, Yet Patching Remains Challenging


Trellix Warns of Rising Threats to PLCs from Cyber Attackers


Cybersecurity firm Trellix has issued a stark warning about the increasing vulnerability of programmable logic controllers (PLCs) in operational technology environments. Its report highlights a range of incidents in critical infrastructure sectors during the latter half of the year.


Patching PLCs is significantly more complex than updating conventional systems such as Windows laptops. The problem has become more pressing as the number of vulnerabilities rises, making these critical systems increasingly attractive to cybercriminals. Many attacks appear to be politically motivated or aimed at disruption, as shown by the heightened risks associated with ongoing geopolitical tensions such as the Israel-Hamas conflict.

Trellix has highlighted the alarming trend of increased attacker focus on PLCs, made worse by insecure remote access points that give adversaries a way in. A notable vulnerability identified this year in Rockwell ControlLogix Ethernet modules, tracked as CVE-2025-7353, allows remote code execution. The flaw could let attackers compromise communication modules and potentially alter or disable safety protocols without engineering credentials, making it a crucial entry point for malicious actors.

Despite the growing number of threats, the average time from vulnerability detection to patch deployment currently exceeds 180 days. This delay poses substantial risk, particularly in environments that depend on aging legacy systems customized over many years. Such systems may require extensive code rewrites and revalidation by vendors before any patch can even be considered, making prompt remediation difficult.

Trellix emphasizes that legacy systems complicate patching in OT environments. Patch prioritization must account not only for production schedules and site constraints but also for exposure risk management, vulnerability intelligence, vendor validation, and overall cyber risk. Failing to act can mean costly downtime, especially in industries where halting operations can cost millions in lost revenue.

Operators frequently prioritize system uptime, which can lead to security vulnerabilities going unaddressed. Between April 1 and September 30, Trellix's telemetry identified 272,512 threats related to OT or industrial control systems, including 333 ransomware incidents across its customer base. Manufacturing accounted for the largest share of these attacks at approximately 42%, while transportation and shipping faced around 28% of the threats.

These developments reinforce the need for business owners to remain vigilant against cyber threats, particularly as adversaries increasingly exploit vulnerabilities in operational technology environments. Understanding the tactics used in such attacks is essential; techniques such as initial access, persistence, and privilege escalation, as catalogued in the MITRE ATT&CK framework, provide insight into the evolving threat landscape.
