Report by Trellix

Operational Technology Threat Report

6 Findings · Published Nov 18, 2025

Key Findings

Transportation and shipping ranked second in detections by Trellix, accounting for 27.6% of all threats detected from April 1 to September 30, 2025.

Trellix · Operational Technology Threat Report · Nov 18, 2025
Operational technology · Transportation · Shipping

Manufacturing represented 41.5% of all Trellix detections of threats targeting operational technology from April 1 to September 30, 2025.

Operational technology · Manufacturing

The utilities, energy/oil and gas, and aerospace and defense industries combined accounted for 21.5% of all detections by Trellix between April 1 and September 30, 2025.

Operational technology · Utilities · Energy · Oil · Gas

PowerShell was the primary attack vector with 96,061 detections by Trellix, followed by Cobalt Strike with 85,986 detections targeting the IT-to-OT boundary.

Operational technology · PowerShell · Cobalt Strike · IT · OT

The average time from vulnerability disclosure to patch deployment in operational technology environments exceeds 180 days, compared to 30 days for traditional IT systems.

Operational technology · Vulnerability disclosure · Patch deployment · IT

There were 333 ransomware attacks detected by Trellix specifically targeting critical infrastructure sectors from April 1 to September 30, 2025.

Operational technology · Ransomware · Critical infrastructure