Breaking Down the Dragos 2025 OT/ICS Cybersecurity Report: What Houston Energy & Manufacturing Companies Need to Know
Strengthening Industrial Resilience: Key Takeaways from the Dragos Report
The Dragos 2025 OT/ICS report logged 1,693 industrial ransomware attacks - and three in four that Dragos handled took operations offline. Here is what Houston energy and manufacturing should know.
Industrial ransomware is not just rising - it is increasingly taking operations offline, which for a factory or utility means real-world downtime.
Dragos specializes in operational technology - the systems that run factories, pipelines, and power grids. Its yearly report is the most-watched read on industrial threats, and the 2025 edition, covering 2024, describes attackers who now understand industrial operations and are willing to disrupt them. For Houston's energy and manufacturing base, that is not abstract.
The Headline Findings
More attacks, hitting harder, concentrated in North America.
Industrial ransomware rose 87% to 1,693 attacks, most causing operational shutdowns, with North America absorbing well over half.
Manufacturing was the single most-targeted sector, and the most active ransomware groups against industry were RansomHub, Fog, and LockBit3.0. Dragos also noted a worrying blend of hacktivism and ransomware, with politically motivated groups adding extortion to their playbook.
Who and What Is Attacking
New threat groups, new industrial malware, and vulnerabilities buried deep.
Dragos flagged two new OT threat groups and two new pieces of industrial malware - and most industrial vulnerabilities sit deep inside networks.
- New threat groups. Dragos added GRAPHITE and BAUXITE to its tracking - BAUXITE overlaps with the pro-Iran CyberAv3ngers persona - bringing the total to 23 groups, 9 of them active in OT during 2024.
- Purpose-built malware. Two new industrial malware families appeared, both tied to the Russia-Ukraine conflict: Fuxnet, which disrupted sensors in Moscow, and FrostyGoop, which altered controller readings and knocked out heating for over 600 apartment buildings in Ukraine during winter.
- Vulnerabilities run deep. Around 70% of industrial vulnerabilities sit deep in the network, and Dragos tracks 104 DLL hijacking flaws in industrial software - the kind that let attackers gain access and persist.
- Noisy advisories. Roughly 22% of vulnerability advisories contained incorrect data, making it harder for teams to prioritize the ones that matter.
The common thread: attackers increasingly understand industrial processes, not just IT - which is why generic security is not enough for OT.
How to Respond
Dragos points to five controls that do the most for OT.
The SANS ICS 5 Critical Controls give energy and manufacturing a focused, high-impact defense plan.
- OT incident response plan. A plan built for industrial systems - not a copy of your IT plan - that assumes attackers reach deep into operations.
- Defensible architecture. Annual attack-surface review, prioritizing the network gateways and remote-access points (VPN, RDP, SSH) attackers target first.
- OT visibility and monitoring. Monitoring built for industrial protocols, to catch the subtle moves before they cause damage.
- Secure remote access. Tight controls, logging, alerting, and MFA on vendor and remote access to OT.
- Risk-based vulnerability management. Prioritize the flaws that could cause loss of view or loss of control, not just the highest scores.
Run OT or ICS in the Houston Area?
CinchOps assesses your industrial attack surface, segments IT from OT, and adds OT-aware monitoring - so an 87% surge does not become your downtime.
Talk to CinchOpsIn IT, ransomware costs you data and time. In OT, it can stop a production line or a utility - which is why 75% of these incidents caused a shutdown. That is the difference energy and manufacturing owners have to internalize: the target is not just your files, it is your operations.
Security Built for Industrial Operations
CinchOps helps Houston-area energy and manufacturing businesses secure OT and ICS - attack-surface assessment, IT/OT segmentation, OT monitoring, and secure remote access - as part of our cybersecurity and managed IT services.
Explore CinchOps cybersecurity →How CinchOps Helps Secure Your Business
CinchOps is a Katy, Texas managed IT services provider serving businesses across the Houston metro, aligning industrial defense with the Dragos report's recommendations.
- OT security assessments. Finding exposed assets, vulnerable systems, and attack paths into your operations.
- IT/OT segmentation. Network design that stops lateral movement and contains an intrusion.
- OT-aware monitoring. Visibility into industrial protocols to catch anomalous behavior.
- Secure remote access. Logged, alerted, MFA-protected access for vendors and staff.
- OT incident response planning. Tested plans built for industrial recovery, not just IT.
Do not wait for a shutdown to build your OT defenses. Contact CinchOps to protect your industrial systems.
Frequently Asked Questions
What is the Dragos 2025 OT/ICS report?
It is Dragos's 8th annual OT/ICS Cybersecurity Year in Review, covering 2024. Dragos is an industrial-cybersecurity firm, and the report is widely regarded as the most detailed look at threats to operational technology and industrial control systems.
How much did industrial ransomware rise?
Ransomware against industrial organizations rose more than 87% year over year, with 1,693 attacks recorded. North America absorbed 58% of them, and manufacturing was the single most-targeted sector.
Why is OT ransomware more serious than IT ransomware?
Because it can stop physical operations. Of the ransomware incidents Dragos responded to, 75% caused at least a partial shutdown of operational technology and 25% a full shutdown - meaning halted production or disrupted services, not just lost files.
What are the new threats the report flagged?
Two new OT threat groups, GRAPHITE and BAUXITE (BAUXITE linked to the pro-Iran CyberAv3ngers), and two new industrial malware families, Fuxnet and FrostyGoop, both connected to the Russia-Ukraine conflict. FrostyGoop knocked out heating for over 600 apartment buildings in Ukraine.
How should industrial businesses respond?
Dragos recommends the SANS ICS 5 Critical Controls: an OT-specific incident response plan, defensible architecture, OT visibility and monitoring, secure remote access with MFA, and risk-based vulnerability management focused on loss of view or control.