The cybersecurity posture of the U.S. oil and gas sector has come under renewed scrutiny following Operation Epic Fury, with a new independent survey revealing a disconnect between operator confidence and actual operational technology (OT) security capabilities. While companies across the upstream and midstream energy segments have accelerated cybersecurity investments since the February 28 launch of Operation Epic Fury, the findings suggest many organizations may still lack the tools needed to identify real-time cyber threats targeting OT environments.  The independent survey, conducted on behalf of Tosi, examined the views of OT decision makers across U.S. oil and gas operators. The research found that most respondents believe they can detect an active OT cyber breach within 24 hours. However, the same OT decision makers acknowledged relying heavily on systems and processes not specifically designed to monitor OT infrastructure.  According to the survey data, 87 percent of operators rated themselves as confident in their ability to detect an OT breach within a day, assigning their organizations a score of four or five on a five-point confidence scale. Despite that confidence, 51 percent said their detection capabilities primarily depend on IT security tools that provide only limited visibility into OT-specific network traffic.  Another 27 percent of respondents said they would depend on field operators or technicians identifying irregularities manually, while only 16 percent reported using continuous OT monitoring as the primary basis for cyber threat detection. Sakari Suhonen, CEO of Tosi U.S., warned that this gap represents a major vulnerability for the energy sector in the wake of Operation Epic Fury.  “This is the most consequential blind spot in U.S. energy infrastructure right now,” Suhonen said. “The sector has the budget, the executive attention, and the will to act. What it does not yet have is detection that actually sees OT. After Operation Epic Fury, that distinction is the difference between catching an intrusion in hours and finding out about it from a production outage.” 

Operation Epic Fury Drives Rapid OT Security Spending 

The independent survey was fielded in April 2026, approximately six weeks after Operation Epic Fury began. Researchers noted that the speed of the sector’s response has been unusually aggressive compared to previous cybersecurity cycles.  One of the clearest trends identified by OT decision makers involved changing perceptions of cyber risk. Sixty-three percent of surveyed operators said cyber risk is now higher than it was before February 28, with 13 percent describing the increase as significant.  Respondents identified several key factors contributing to elevated risk levels, including growing convergence between IT and OT systems, increased targeting of energy infrastructure by state-sponsored cyber actors, and expanding dependence on third-party remote access technologies.  The independent survey also showed that emergency cybersecurity funding is already being deployed. Ninety-four percent of operators said they had either approved or were actively reviewing unplanned OT security spending linked directly to the post-Operation Epic Fury threat landscape. Among OT decision makers surveyed, 95 percent expect OT cybersecurity budgets to increase over the next 12 months, while one in four anticipated budget growth exceeding 20 percent. 

OT Decision Makers Prioritize Detection and Visibility 

The survey findings indicate that OT decision makers are placing greater emphasis on visibility and detection capabilities rather than traditional perimeter security tools.  When respondents were asked to identify the single most important OT security capability to improve over the next year, 22 percent selected continuous monitoring and anomaly detection. Another 20 percent pointed to OT-specific incident detection and response solutions.  Additional priorities included asset discovery at 15 percent and OT-specific secure remote access at 14 percent. Combined, detection, visibility, and remote access technologies accounted for 71 percent of all named priorities among surveyed OT decision makers.  At the same time, operational disruptions linked to cybersecurity incidents appear widespread throughout the sector. According to the independent survey, 99 out of 100 operators reported experiencing at least one category of cyber incident since February 28.  Ransomware affecting OT-connected systems impacted 48 percent of operators surveyed, while another 48 percent reported precautionary OT shutdowns triggered by incidents originating on the IT side of operations. 

Human Challenges Continue to Slow OT Security Progress 

Despite the increase in cybersecurity spending following Operation Epic Fury, many organizations continue to struggle with internal operational barriers. The independent survey found that 45 percent of operators consider the cultural divide between IT and OT teams to be the single largest obstacle preventing faster cybersecurity improvements. Respondents said IT security personnel often lack the specialized expertise required to secure OT environments effectively.  Operational risk aversion ranked as the second-largest barrier at 28 percent. By contrast, only 11 percent of respondents identified budget constraints as a major challenge, marking a notable change from previous industry research in which financial limitations consistently ranked as the top concern for OT decision makers.  The findings emerge amid continuing warnings from federal authorities regarding Iran-aligned cyber activity targeting Western critical infrastructure after Operation Epic Fury. On April 7, six U.S. federal agencies — including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Energy — issued joint advisory AA26-097A. The advisory confirmed that Iranian-affiliated threat actors were actively disrupting programmable logic controllers across U.S. energy, water, and government sectors, resulting in operational disruptions and financial losses.  The Railroad Commission of Texas later issued a parallel warning to operators on April 10. According to Tosi, the independent survey represents the first dataset quantifying how the oil and gas sector itself is responding to the cybersecurity environment created by Operation Epic Fury. Suhonen said the industry’s next decisions regarding OT security investments will determine whether organizations close existing detection gaps or reinforce systems that remain ineffective for OT environments.  “The next twelve months will see oil and gas spend more on OT security than in the previous several years combined,” Suhonen said. “That spend will land in one of two places. It will close the detection gap with OT-native monitoring, asset visibility, and purpose-built secure remote access. Or it will deepen the IT-tool stack that operators have already told us they cannot see what they need it to see. The data is unambiguous about which path the market needs to take.” 

The post Critical 9.8 CVSS Flaws in Qualcomm Chipsets Enable Remote Takeover appeared first on Daily CyberSecurity.

The post The Tadashi Files: Inside the xlabs_v1 Botnet Targeting 4 Million Android Devices appeared first on Daily CyberSecurity.

The paradox of edge security describes how technologies designed to strengthen network defenses can also create new vulnerabilities. Edge devices improve performance and support localized threat detection by processing data closer to its source, yet modern enterprise environments often operate thousands of distributed endpoints. This rapid expansion of edge infrastructure increases the number of systems..

The post Addressing the Edge Security Paradox appeared first on Security Boulevard.

The post The Global Surge in Modbus/TCP Probes Targeting Our Physical World appeared first on Daily CyberSecurity.

The post Unpatched and Exposed: Public PoC Released for Critical 9.8 CVSS Xiongmai IP Camera Flaw appeared first on Daily CyberSecurity.

The post Command Injection Vulnerability (CVE-2025-29635) Exploited in the Wild appeared first on Daily CyberSecurity.

The post Nexcorium Botnet Turns Unpatched DVRs into DDoS Foot Soldiers appeared first on Daily CyberSecurity.

The post RondoDox Botnet Hijacks Everything from IoT to Fortnite appeared first on Daily CyberSecurity.

The post ZionSiphon: The “Defanged” Malware Aiming for the Water Supply appeared first on Daily CyberSecurity.

The post Hijacking the Soundboard: Critical 9.8 RCE Flaws Hit Ubiquiti UniFi Play Audio appeared first on Daily CyberSecurity.

The post Inside the Masjesu IoT Botnet’s 3-Year Stealth Reign appeared first on Daily CyberSecurity.

The post Critical Alert: Iranian-Affiliated Actors Target U.S. Infrastructure via Industrial Control Systems appeared first on Daily CyberSecurity.

A new U.S. government advisory has raised fresh concerns over Iranian-affiliated APT targeting PLCs, warning that cyberattacks are now moving beyond data theft into direct disruption of industrial systems. Issued on April 7, 2026, the joint alert from the FBI, CISA, NSA and other agencies confirms that Iran-linked threat actors are actively exploiting internet-facing programmable logic controllers (PLCs), with incidents already impacting multiple critical infrastructure sectors. This is not a theoretical threat. According to the advisory, several organizations have experienced operational disruptions and even financial losses after attackers interfered with industrial processes.

From Network Access to Operational Disruption

What makes this campaign stand out is its intent. The Iranian-affiliated APT targeting PLCs activity is not focused on espionage, it is designed to disrupt. Attackers have been manipulating PLC project files and altering data displayed on human machine interface (HMI) and supervisory control and data acquisition (SCADA) systems. In practice, this means operators could be relying on inaccurate data while underlying processes are being changed in real time. The affected sectors include government services, water and wastewater systems, and energy, areas where even minor disruptions can have significant downstream impact. [caption id="attachment_111119" align="aligncenter" width="600"] Image Source: FBI[/caption]

How the Attacks Are Carried Out

The entry point is often simple: internet exposure. The advisory notes that attackers are scanning for publicly accessible PLCs, particularly models such as CompactLogix and Micro850—and connecting to them using legitimate engineering tools like Studio 5000 Logix Designer. Once inside, the activity becomes more deliberate. Threat actors extract configuration files, modify logic, and establish persistence. In some cases, they deploy tools like Dropbear SSH to maintain remote access through port 22. The attacks rely on commonly used industrial communication ports, including 44818, 2222, 102, 22, and 502, allowing malicious traffic to blend in with normal OT operations. Investigators also observed the use of overseas IP addresses and leased third-party infrastructure, suggesting a coordinated and sustained effort rather than opportunistic scanning.

A Campaign That Has Been Building Over Time

The current activity is not happening in isolation. U.S. agencies link it to earlier Iran-aligned operations, including campaigns attributed to the CyberAv3ngers group that targeted PLCs in 2023. What has changed is the persistence. The latest advisory tracks activity spanning from at least January 2025 through March 2026, with ongoing incidents reported as recently as March. Officials suggest the escalation may be tied to broader geopolitical tensions, but the technical pattern is clear: industrial control systems are becoming a repeated target.

Exposure and Weak OT Security

The Iranian-affiliated APT targeting PLCs campaign exposes a long-standing weakness in critical infrastructure, too many industrial devices remain directly accessible from the internet. In many cases, attackers did not need sophisticated exploits. They gained access because systems lacked basic protections like network segmentation, strong authentication, or restricted remote access. The result is a dangerous scenario where adversaries can move from initial access to operational control with relatively little resistance.

What Organizations Are Being Urged to Do

The advisory calls for immediate action, starting with visibility. Organizations are urged to review logs for suspicious traffic, especially connections originating from overseas infrastructure, and check for unusual activity on key OT ports. More broadly, the guidance reinforces a set of practical steps: removing PLCs from direct internet exposure, routing access through secure gateways, enabling stronger authentication controls, and maintaining offline backups of PLC logic and configurations. In some cases, even operational settings matter, such as ensuring controllers remain in “run” mode to prevent unauthorized remote changes.

A Shift in Cyber Threat Priorities

The bigger takeaway is the shift in attacker focus. By targeting PLCs, threat actors are going straight to the systems that control physical processes. This marks a move from cyber intrusion to potential real-world disruption. The advisory also highlight the role of manufacturers, urging a stronger push toward “secure-by-design” systems that are not exposed by default. For now, the warning is clear: as long as industrial systems remain exposed, campaigns like Iranian-affiliated APT targeting PLCs are likely to continue, and could become more disruptive over time.

The post Smart Home Alert: Critical Flaws Exposed in TP-Link Tapo Security Cameras appeared first on Daily CyberSecurity.

In this episode, Tom Eston and co-host Scott Wright discuss research showing that Tire Pressure Monitoring Systems (TPMS) can create privacy risks because the sensors broadcast unencrypted, uniquely identifying wireless signals that could be used to track vehicles. They reference a 10-week study by researchers at IMDEA in Madrid that collected about 6 million signals […]

The post The Hidden Tracking Risk Inside Your Tires appeared first on Shared Security Podcast.

The post The Hidden Tracking Risk Inside Your Tires appeared first on Security Boulevard.

💾

Industrial systems face rising cyber threats as OT security lags modernization. A new survey reveals widespread breaches and growing risks to critical infrastructure.

The post Industrial Systems Under Siege: 77% of OT Environments Suffer Cyber Breaches appeared first on TechRepublic.

Frederick the Great warned us centuries ago: “He who defends everything, defends nothing.” Yet in 2026, most enterprise networks are still in the same flat network soup: EMR systems, payroll databases, industrial controllers, and guest WiFi all share the same corridor. We keep building higher fortifications. In 2026, The Prevention-First Cybersecurity Strategy Is Just a […]

The post Cybersecurity’s Maginot Line Is Crumbling. The Future Belongs to Integrated Microsegmented Digital Fortresses. appeared first on ColorTokens.

The post Cybersecurity’s Maginot Line Is Crumbling. The Future Belongs to Integrated Microsegmented Digital Fortresses. appeared first on Security Boulevard.

Microsoft’s March Patch Tuesday fixes 78 vulnerabilities, including Office preview pane flaws, an Excel Copilot data leak risk, and an AI-discovered 9.8 severity bug.

The post Patch Alert: Microsoft Fixes Nearly 80 Bugs, Including Critical Office Flaws appeared first on TechRepublic.