Rising cyber threats to Australia's industrial sector demand urgent action
The cyber threat landscape for the Australian industrial sector is escalating, with ransomware, state-sponsored cyber activity, and remote access vulnerabilities driving security concerns.
Critical infrastructure operators in energy, water, manufacturing, and oil and gas face growing pressure from cybercriminals and nation-state groups exploiting exposed operational technology (OT) systems.
A growing threat
According to the 2025 Dragos OT Cybersecurity Report, threats to OT environments continue to intensify. Ransomware attacks and state-sponsored campaigns are surging, leaving industrial operators facing mounting challenges where inaction is not an option.
Industrial organisations are increasingly targeted by cybercriminals and state-backed adversaries seeking to disrupt operations, steal data and even cause physical damage. Two new OT-specific cyber threat groups, GRAPHITE and BAUXITE, have emerged this year. GRAPHITE focuses on oil and gas and logistics, while BAUXITE targets Australian industries, including water, energy and chemical manufacturing. These groups employ phishing campaigns, exploit known vulnerabilities, and deploy malware tailored for industrial environments.
Ransomware has resurged dramatically, with an 87% increase in attacks over the past year. Manufacturing accounts for over 50% of victims globally, and 69% of all ransomware attacks targeted 1171 entities across 26 manufacturing subsectors. Given the critical role of these industries, Australia must prepare for a worsening threat landscape.
The vulnerability problem
Despite the growing risks, many organisations still lack foundational cybersecurity measures. Insecure remote access, poor network segmentation and inadequate OT visibility remain major concerns. The report found that 65% of sites surveyed had insecure remote access conditions, with exposed default credentials and unpatched VPNs among the most common vulnerabilities. Additionally, 22% of identified vulnerabilities are perimeter-facing, making it alarmingly easy for attackers to infiltrate OT networks.
Many organisations still operate legacy systems that lack modern monitoring tools, and flat network structures allow attackers to move freely between IT and OT environments. These gaps underscore the urgent need for action.
We should also remember that a cyber attack on critical infrastructure doesn’t just affect one organisation; it can disrupt entire communities. Energy grids, water supplies and transportation systems are all at risk. For example, malware like FrostyGoop caused heating outages for over 600 buildings in Ukraine during sub-zero temperatures. While Australia has not yet experienced such large-scale incidents, the risk is real. The increasing reliance on industrial control systems makes us vulnerable to similar scenarios.
Strengthening cyber resilience
The best defence against this evolving threat is a proactive approach, and Australian organisations can take immediate steps to bolster security:
- Invest in incident response readiness: Developing and regularly testing OT-specific incident response plans is critical. Cybersecurity teams and OT engineers should collaborate to recognise and respond to realistic and relevant threats effectively.
- Build network resilience: Moving away from flat network designs and implementing network segmentation with properly managed firewalls can prevent attackers from moving laterally across IT and OT environments.
- Enhance OT visibility: Many organisations fail to monitor their OT environments in real time. Deploying OT-specific monitoring and threat detection tools can help identify malicious activity before it escalates. Additionally, relying solely on reactive defences is no longer sufficient. Proactively hunting for threats allows organisations to detect adversaries before they can cause significant damage.
- Secure remote access: Implement multi-factor authentication (MFA), patch vulnerabilities, and actively monitor remote access points. Limit access to essential personnel only and enforce stringent security protocols for contractors.
- Prioritise vulnerability management: Not all vulnerabilities are equally dangerous, and many are irrelevant in an OT context. Adopt a ‘Now, Next, Never’ framework to prioritise remediation, focusing on the most immediate operational risks.
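The sketch below is an added example, not taken from the Dragos report or written by the article's author, showing how a 'Now, Next, Never' triage can be expressed as rules over an OT vulnerability inventory. The decision criteria, field names and sample findings are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    ident: str                  # constructed placeholder, not a real advisory id
    asset: str
    perimeter_facing: bool      # reachable from outside the OT network
    network_exploitable: bool   # no local or physical access needed
    exploited_in_wild: bool     # active exploitation has been reported
    affects_process: bool       # could cost view, control or safety
    compensating_control: bool  # e.g. segmentation already blocks the path


def triage(f: Finding) -> str:
    """Assumed rules for illustration; tune them to the site's own risk model."""
    exposed = f.perimeter_facing or f.exploited_in_wild
    if f.network_exploitable and exposed and not f.compensating_control:
        return "now"    # remediate or mitigate immediately
    if not f.network_exploitable and not f.affects_process:
        return "never"  # no realistic operational risk; document and move on
    return "next"       # mitigate via segmentation/monitoring, patch at next outage


def plan(findings):
    """Group finding ids into the three buckets, keeping input order."""
    buckets = {"now": [], "next": [], "never": []}
    for f in findings:
        buckets[triage(f)].append(f.ident)
    return buckets


# Constructed inventory for the example.
SAMPLE = [
    Finding("F-001", "remote-access VPN gateway", True, True, True, False, False),
    Finding("F-002", "HMI with default credentials", False, True, False, True, False),
    Finding("F-003", "unused PDF viewer on engineering PC", False, False, False, False, False),
    Finding("F-004", "PLC web server behind OT firewall", False, True, True, True, True),
    Finding("F-005", "historian in the DMZ", True, True, False, True, False),
]

if __name__ == "__main__":
    for bucket, ids in plan(SAMPLE).items():
        print(f"{bucket:>5}: {', '.join(ids)}")
```

In this sample the PLC finding lands in "next" rather than "now" only because a compensating control is recorded, so that field needs to be verified against the real firewall rules rather than assumed.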
Turning the corner
Despite the concerning trends outlined in the report, there is room for optimism. Industrial organisations implementing proactive cybersecurity measures are already seeing improvement. Stronger segmentation, improved visibility, and robust incident-response capabilities make it harder for adversaries to operate undetected.
While ransomware attacks in Australia remain less frequent than in North America and Europe, accounting for 26 incidents or 1.5% of global attacks, this is largely proportional to population size. But we cannot afford complacency. Now is the time for organisations to prioritise OT security. By taking immediate action, Australia’s industrial sector can move toward a safer and more resilient future.