by Connor Gadbois & Marcia Gadbois
The scariest stories are not whispered around campfires this Halloween; they unfold in server rooms and control networks. OT (operational technology) cybersecurity breaches have become the modern horror tales of Industry 4.0, where invisible intruders creep through legacy systems, waiting for the perfect moment to strike. But fear not, understanding these digital demons is the first step toward defeating them.
According to Check Point, “In Q2 2025, the global average number of weekly cyberattacks per organization reached 1,984, a 21% increase compared to the same period in 2024, and 58% higher than two years ago.”
October is Cybersecurity Awareness Month, and one thing is clear: the first ten months of 2025 have been marked by escalating cyber threats and unprecedented challenges for some of the world’s largest organizations.
Global market volatility, driven by geopolitical tensions, shifting tariff policies, and fluctuating inflation and interest rates, has made the business landscape more unpredictable than ever. Cybersecurity teams are feeling the squeeze as organizations tighten budgets and slow hiring.
Resource constraints in 2025 are forcing security leaders to do more with less. Shrinking budgets and reduced staffing have left many enterprises struggling to maintain defenses, perform timely risk assessments, and ensure compliance. This convergence of economic uncertainty and under-resourced security operations is creating a perfect storm, widening vulnerabilities, slowing response times, and heightening the risk of costly breaches and compliance failures.
So, if that does not send chills down your spine this Halloween, nothing will. Let us pull back the curtain on OT cybersecurity and explore how to keep the monsters at bay.
Why OT Systems Are the New Horror Frontier
The OT layer remains a high-value target for threat actors. In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules requiring public companies to report material cybersecurity incidents under new Item 1.05 of Form 8-K beginning on December 18, 2023. Wilson Sonsini’s Known Trends blog, which tracks these public filings, reported that from December 18, 2023, through January 19, 2025, 55 cybersecurity incidents were reported, with OT attacks accounting for 55% of those incidents.
Recent OT Breach Examples
– Jaguar Land Rover Automotive (JLR) — A cyberattack that began on August 31, 2025, severely disrupted operations across the company. Three factories in Britain, which together produce about 1,000 cars per day, had to be shut down for nearly six weeks. Production was completely halted throughout September and into early October, with wholesale and retail activity also affected by group-wide system shutdowns.
The disruption is expected to weigh on performance through the end of fiscal 2026 (March 31) and possibly into fiscal 2027, with wholesale volumes projected to decline sharply amid ongoing tariff headwinds and weakening demand in China. As a result, JLR revised its fiscal 2026 outlook, cutting adjusted EBITDA margins to 3%–5% from 6%–7% previously.
The Financial Times (FT) report indicates that JLR, the Tata Motors subsidiary, is likely to be hit with a £2 billion bill as it was not insured against the cyberattack that has disrupted operations and has already resulted in financial losses.
Although the company has not officially confirmed the source, a group calling itself “Scattered Lapsus$ Hunters” has claimed responsibility, citing extensive disruption to manufacturing, logistics, and service operations across JLR’s global supply chain.
AI Generated
– Pakistan Petroleum Limited (PPL) — The state-run oil and gas giant suffered a severe ransomware attack that disrupted its IT systems for several days. The breach involved the “Blue Locker” ransomware, a strain designed to encrypt files and demand payment for their release.
Blue Locker is delivered through phishing emails, malicious attachments, and insecure remote connections. Once executed, it uses a PowerShell-based loader to disable security defenses, escalate privileges, and spread laterally across local networks and removable devices, making it especially dangerous in industrial environments like oil and gas operations.
While PPL reported that its critical operational systems remained unaffected, the proximity of IT and OT environments in energy infrastructure raises serious concerns. In oil and gas operations, even limited IT breaches can cascade into OT disruptions, halting production, interrupting pipeline monitoring, or compromising safety systems. The incident highlights the increasing convergence of IT and OT systems, where ransomware like Blue Locker can threaten not just data, but physical operations and supply chain stability across the entire energy sector.
– Bremanger Dam Sabotage — In Norway, the Bremanger Dam and its associated fish farm were compromised after attackers exploited a weak password protecting a web-accessible control panel. This vulnerability allowed unauthorized access to the operational technology (OT) environment, where the attackers manipulated valve controls at the Lake Risevatnet dam. The valves were fully opened, increasing water discharge by 497 liters per second above the mandated minimum flow.
The incident highlights the severe risks posed by unsecured remote access and poor authentication practices in critical infrastructure. Commenting on the growing threat landscape, Mike Hamilton, Field CISO at Lumifi Cyber, observed that cyberattacks on the water sector are escalating and are increasingly linked to nation-state operations rather than traditional criminal activity. “Iranian actors are known to specifically target operational technologies like programmable logic controllers used to open or close valves, monitor filtration, and control chemical injection,” Hamilton noted.
Following the Bremanger Dam cybersecurity incident, Beate Gangås, director of the Norwegian Police Security Service (PST), formally attributed the April cyberattack on Bremanger in western Norway to Moscow. “Over the past year, we have observed a shift in activity from pro-Russian cyber actors,” Gangås stated, describing the Bremanger incident as a clear example of this evolving threat.
“The goal of such operations is to influence public perception and sow fear and chaos among the population. Our Russian neighbour has become more dangerous,” she warned. On the day of the attack, the alleged perpetrators reportedly posted a three-minute video on Telegram, watermarked with the name of a pro-Russian cybercriminal group, claiming responsibility for the breach.
So, now that we’ve given you a proper Halloween scare, let’s talk about what can be done to protect your systems.
What Manufacturers Must Consider
The targeting of operational systems, critical infrastructure, and connected vehicle modules is expected to intensify in the coming years as threat actors increasingly weaponize artificial intelligence and advanced automation tools. To counter this, manufacturers must strengthen their defenses and build greater cyber resilience, protecting not only data and networks but the operational backbone that keeps modern industry moving.
Practical Cybersecurity Measures
Conducting a full forensic investigation is the first step in identifying the intrusion point and assessing any data compromise. While smaller manufacturers may lack the resources for a complete analysis, there are several practical measures that can significantly reduce risk:
1. Multi-Factor Authentication (MFA)
MFA adds a vital layer of security by requiring multiple verification factors before granting access. This dramatically reduces the likelihood of credential-based attacks and unauthorized logins.
2. Network Segmentation and Access Control
In industrial automation (IT/OT) environments, network segmentation divides systems into smaller, isolated zones with tightly controlled communication and access policies. This strategy reduces the overall attack surface, limits the lateral movement of threats, and ensures that a single breach does not compromise the entire operation. Systems requiring remote access should be protected behind a secure VPN or proxy, with all login activity closely monitored and logged.
3. Data Backup and Recovery
Regular backups are essential. Follow the 3-2-1-1-0 rule: keep at least 3 copies of your data, store 2 on different media, keep 1 off-site, maintain 1 offline, and ensure 0 backup errors through regular testing. Automate backups, test recovery processes frequently, and encrypt sensitive data both at rest and in transit.
4. Patch Management
Traditional IT patching methods often do not fit industrial control systems (ICS), which must run continuously and cannot easily tolerate downtime. Start with a complete asset inventory and vulnerability assessment, then prioritize updates based on system criticality and risk exposure. Apply patches first to systems that pose the highest risk or operational impact. A structured patch-management plan is critical for ongoing cyber vigilance.
5. Employee Awareness and Training
Human error remains the most common entry point for ransomware. Train employees to recognize and avoid suspicious emails, attachments, and downloads. Regular awareness programs can drastically reduce the number of successful phishing attempts.
6. Incident Response Planning
Develop and regularly update an incident response plan to ensure a rapid, coordinated reaction to ransomware or OT breaches. Even minor incidents should undergo a thorough post-mortem review to eliminate the persistence of attackers. Study major OT cybersecurity incidents and collaborate with national Computer Emergency Response Teams (CERTs) and law enforcement agencies to share intelligence and provide best-practice guidance.
Another important factor to consider is the growing wave of cybersecurity standards and government mandates reshaping industrial operations. For example, the EU’s NIS2 Directive introduces stricter cybersecurity requirements that now apply to a much wider range of organizations, including those in manufacturing, energy, and critical infrastructure.
To help companies prepare, Waterfall Security Solutions is hosting a webinar next week to help understand and implement the NIS2 directive. More information about the session can be found here.
Conclusion
The threats we have discussed may evoke a chill, but they are very real, not just for the world’s largest corporations, but for any organization operating legacy OT systems, industrial control networks, or converged IT/OT environments. While the nightmare is real, so is the opportunity to defend, adapt, and emerge stronger.
ADISRA takes cybersecurity seriously and remains deeply committed to staying informed about the latest threats and emerging trends in OT security. We believe that open dialogue and shared knowledge are key to strengthening the entire industrial community.
If you’d like to learn more about ADISRA’s products and how they can help secure your automation environment, you can:
To download ADISRA SmartView, click here.
If you would like to schedule a private demo to see ADISRA SmartView, InsightView, and/or KnowledgeView in action, click here.
Tips, Tricks, and Hidden Treasures in ADISRA SmartView
October 30th, 2025, at 9:30 am CDT/9:30 AM COT/2:30 pm GMT/9:30 pm WIB
Discover the hidden features inside ADISRA SmartView that can save you time, simplify your workflow, and make application development easier than ever. In this webinar, our expert will guide you through lesser-known tools, shortcuts, and best practices that are often overlooked but can significantly impact productivity and project success. Whether you are new to ADISRA SmartView or an experienced developer, you will come away with practical tips and tricks to build smarter, faster, and more efficient applications.
Secure your spot today: Register Here
ADISRA®, ADISRA’S logo, InsightView®, and KnowledgeView® are registered trademarks of ADISRA, LLC.
© 2025 ADISRA, LLC. All Rights Reserved.