
Top Threats and Defense Strategies in Industrial IoT Cybersecurity


As sectors such as manufacturing, oil and gas, and utilities are revolutionized by digital transformation, the role of industrial internet of things (IIoT) devices is increasingly critical. By combining intelligence and connectivity in everything from Bluetooth-enabled industrial sensors that feed data to the cloud to advanced analytics platforms, IIoT is enabling organizations of all sizes to unlock new levels of efficiency and maintenance. These smart devices are transforming day-to-day operations and streamlining otherwise complex industrial workflows. 

Ruggedized routers and switches purpose-built for operational technology (OT) environments are a critical part of this transformation. Not only can these network devices withstand the harsh conditions of industrial environments, but this OT-grade equipment also supports OT protocols such as Modbus and BACnet, and is certified to support and integrate with different proprietary vendor devices. For many sectors, their importance cannot be overstated.

Even so, these devices and their interconnectivity introduce new forms of cyber risk. Their benefits can be overshadowed by the fact that they may be targeted by sophisticated attackers, including advanced persistent threats and nation-state threat actors. Recent Team82 research has uncovered several critical vulnerabilities in widely used industrial switches, further illuminating the exposures these devices can bring if not properly secured.

What Is the Industrial Internet of Things (IIoT)? 

Speaking broadly, the industrial internet of things (IIoT) refers to the interconnected sensors, instruments, and devices that enhance manufacturing and industrial processes. In today’s digital world, IIoT devices have become nothing short of essential for day-to-day operations in industrial facilities across the globe. Their importance to critical infrastructure underscores how crucial it is to properly secure these devices, as an attack on them could create high-risk situations for organizations and personnel alike. If a malware attack brings a critical piece of equipment offline, for example, it could create financial and reputational damage for the company, and endanger the physical safety of workers. 

Recent Cyberattacks on IIoT Devices

Attackers have increasingly targeted IIoT devices linked to critical infrastructure worldwide. Some notable attacks in the past two years include:

Texas and Poland Water Utilities

In early 2024, a group known as Cyber Army of Russia Reborn caused widespread chaos at water utilities in both the US and Poland. The attack vector was reportedly a human-machine interface (HMI) that the attackers compromised to gain access to both utilities’ control systems. 

Nucor Steel

In May 2025, US-based steelmaker Nucor was forced to halt production when it detected unauthorized third-party access to its enterprise network. The attack affected several facilities across the country and limited the company’s ability to access certain functions. 

Malware Attacks on CCTV Cameras

Researchers found a malware variant known as Mirai was being used to attack unpatched vulnerabilities in CCTV cameras that monitor critical infrastructure. The researchers warned that the threat level on these devices was high enough to warrant their decommissioning if there was no patch or remediation method available. 

3 Persistent Threats Against IIoT and IoT Devices

As digital transformation brings more IIoT devices online, the industrial sector has additional potential exposure points and an expanded attack surface to protect. The attacks listed above give some context for the larger trends in attacks against IIoT devices and OT environments, but here are some persistent threats that CISOs and other decision-makers need to bear in mind when revamping their security strategies.

Ransomware

The industrial sector is certainly no stranger to ransomware-based attacks, but the threat is rapidly intensifying as these attacks against the enterprise network can force organizations to halt operations until remediated. A recent report noted that ransomware-based attacks against industrial operators surged by 46% at the start of 2025. In Q1 2025 alone, there were 2,472 potential ransomware attacks documented, representing 40% of the estimated total from 2024. 

Cyber Av3ngers and Hacktivism 

Hacktivist groups that launch attacks against government and corporate entities are also attacking the industrial sector, putting IIoT devices in their crosshairs as a favored attack vector. Using cyberweapons such as IOCONTROL, these groups attack devices such as HMIs, programmable logic controllers (PLCs), routers, and switches. Attacks against the devices at the heart of automation processes can quickly disrupt or damage industrial operations, and interrupt critical service delivery in some critical industries.

Exposed Remote Access

As mentioned above, secure remote access is a growing issue for IoT device security. Since many IoT and IIoT devices lack their own security protocols, they can be a liability when third parties such as contractors or vendors log into an enterprise network. Remote access tool sprawl is also a huge challenge for CISOs. Third parties within the supply chain that manage these devices represent an exposure that is challenging for security teams to manage. Often they introduce remote access tools that aren’t necessarily enterprise-grade and lack the monitoring, logging, and auditing capabilities that a purpose-built secure access solution for OT would deliver.

Securing IIoT Devices with the Claroty Platform

Protecting IIoT devices within an OT environment demands a specialized, holistic approach. IT-centric tools aren’t up to the challenge because they lack the specific protection that OT environments demand. On top of that, using a range of individual tools runs the risk of pitfalls, including tool sprawl. 

With the Claroty Platform, organizations get several benefits in one solution, including secure remote access to protect third-party access, industry-leading asset discovery to identify all devices within a vast and complicated enterprise network, threat detection to catch anomalies before they become attacks, and much more.

Explore the Claroty Platform or schedule a demo with one of our experts to learn more about how Claroty can protect IIoT devices within your organization. 
