CPS Attack Trends: How opportunistic attackers target assets

Cyberattacks on critical infrastructure are shifting from highly targeted operations to opportunistic, large-scale compromises of internet-facing assets. Recent research highlights the rise of “drive-by” attacks, where threat actors exploit exposed systems using simple, widely available tools to disrupt sectors such as manufacturing, water, and energy.

Findings from over 200 real-world incidents reveal how attackers identify vulnerable devices, leverage insecure protocols, and target high-risk systems like HMI and SCADA environments. The analysis also connects these activities to geopolitical patterns and evolving threat strategies. Practical guidance is provided to help organizations reduce exposure, including improving credential security, strengthening network segmentation, and addressing commonly exploited weaknesses in industrial environments.