Attacks using OT protocols surge by 84%, led by Modbus (57%), Ethernet/IP (22%), and BACnet (8%).

PowerShell was the primary attack vector with 96,061 detections by Trellix, followed by Cobalt Strike with 85,986 detections targeting the IT-to-OT boundary.

There were 333 ransomware attacks detected by Trellix specifically targeting critical infrastructure sectors from April 1 to September 30, 2025.

Transportation and shipping ranked second in detections by Trellix, accounting for 27.6% of all threats detected from April 1 to September 30, 2025.

The utilities, energy/oil and gas, and aerospace and defense industries combined accounted for 21.5% of all detections by Trellix between April 1 to September 30, 2025.

Manufacturing represented 41.5% of all Trellix detections of threats targeting operational technology from April 1 to September 30, 2025.

The average time from vulnerability disclosure to patch deployment in operational technology environments exceeds 180 days, compared to 30 days for traditional IT systems.