Cyber Threats Rising: US Critical Infrastructure Under Increasing Attack in 2025
As we enter 2025, the frequency and sophistication of cyberattacks on critical national infrastructure (CNI) in the US are rising at an alarming rate. These attacks target the foundational systems that support everything from energy and water to transportation and communications, and the consequences are far-reaching and potentially catastrophic. They impact not just the operations of these services but also the very way of life for affected populations.
The Deadly Cost of Ignoring OT Security
Critical infrastructure attacks are particularly egregious because they have cascading effects. When a malicious actor compromises a power grid, water supply, or communication network, the impact can ripple across multiple sectors.
Antonio Sanchez, Principal Cybersecurity Evangelist at Fortra, explains that the disruption of essential services, especially in such sensitive sectors, is akin to cyber-terrorism. “Successful attacks on critical infrastructure affect the way of life for that region,” he says. These attacks are not about isolated disruptions; they are deliberate and designed to cause widespread harm, often with financial or political motives.
In the past, critical infrastructure systems were separated from the internet in what is known as air-gapped environments, which were considered secure. However, the growing trend toward integrating Operational Technology (OT) with Information Technology (IT) to reduce management costs has created new attack surfaces for malefactors.
Sanchez emphasizes that these systems must maintain strict segmentation to limit access. “Organizations need to ensure they segment the network and separate IT from OT assets,” he advises.
Critical Infrastructure in the Crosshairs
The number of attacks on critical infrastructure in the US has surged in recent years, and public and private sector entities alike face a growing flood of high-profile threats. We have seen attacks on energy grids, water systems, and transportation networks that have disrupted daily operations and raised national security concerns. Experts predict that this trend will only intensify in 2025.
As technology progresses, there’s a corresponding progression in tactics used by malefactors. Adversaries are becoming more sophisticated, using highly cunning, targeted methods to infiltrate networks, perform reconnaissance, and remain undetected for extended periods of time.
One of the most notorious groups behind a slew of attacks is Volt Typhoon, a Chinese state-sponsored threat actor. Bob Erdman, Associate Vice President, Research & Development at Fortra, describes Volt Typhoon’s motivations as geopolitical, claiming its aim is to compromise critical infrastructure in the United States and other Western countries to preposition access and maintain persistence with the assumed goal of being able to quickly launch attacks and create chaos if the geopolitical landscape changes.
Hidden Breaches and Shadow Attackers
Volt Typhoon’s tactics are a vivid demonstration of the evolving nature of critical infrastructure threats. The group doesn’t rely on traditional malicious code, which is more easily detectable. Instead, its approach focuses on maintaining long-term, stealthy access to targeted systems.
Erdman explains, “Volt Typhoon does not typically rely on malware or ransomware as their objectives appear to be long and quiet persistence. They exploit unpatched vulnerabilities in publicly facing systems like firewalls, VPNs, and web servers to gain access.”
After the Storm, the Fallout
Recent attacks on US critical infrastructure have had unforgettable repercussions. One of the most publicized attacks was the Colonial Pipeline breach in 2021, which led to a widespread fuel shortage across the southeastern parts of the country. The attack, attributed to the DarkSide ransomware gang, laid bare the vulnerabilities in critical energy infrastructure and shone a light on the dire risks posed by cyberattacks on the nation’s energy systems.
Similarly, the 2023 hack of US water systems was another wake-up call. Threat actors gained unauthorized access to a water treatment plant in Florida and attempted to alter chemical levels in the water supply. Fortunately, the intrusion was detected before any real harm could occur, but it was a stark reminder of how exposed utility systems are to external threats.
The fallout from these attacks includes financial losses, national security concerns, and general public distrust in the ability of governments and private companies to protect critical infrastructure. In the case of the Colonial Pipeline attack, for example, the company coughed up a ransom of $4.4 million, and the US government had to intervene to manage the crisis.
Lessons from the Frontlines
From these and other attacks, there are key lessons for public and private sector entities that manage critical infrastructure:
- Segmentation and Isolation: As Sanchez mentioned, IT and OT systems must be segmented to prevent unauthorized access. This is crucial in reducing the attack surface and limiting the damage in case of a breach.
- Patch Management: Erdman stresses the importance of patching vulnerabilities in publicly facing systems. Attackers often exploit unpatched systems to gain initial access, making timely patching and updates essential for defense.
- Incident Response and Training: Cybersecurity teams must be prepared for the worst. Running tabletop exercises and having detailed response plans in place can make a significant difference in minimizing the impact of an attack.
- Third-Party Penetration Testing: External experts can help identify vulnerabilities that internal teams may overlook. Regular penetration testing and adversary simulations can help organizations strengthen their defenses.
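The segmentation lesson above is easiest to enforce when someone actually checks that traffic obeys the IT/OT boundary. The following is an added example, not code from the article or from Fortra or Tripwire: it parses constructed firewall log lines, maps each address to an assumed IT, OT or DMZ zone, and flags any permitted flow that crosses zones outside a small allowlist (the subnets, ports and log format are all assumptions for illustration).

```python
import ipaddress
import re

# Constructed zone map: assumed subnets standing in for an organisation's IT, OT and DMZ ranges.
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "OT": ipaddress.ip_network("10.50.0.0/16"),
    "DMZ": ipaddress.ip_network("10.99.0.0/24"),
}
# The only cross-zone paths the design permits (assumed): IT to the DMZ historian over HTTPS,
# and the historian into OT over OPC UA. Nothing in IT may reach OT directly.
ALLOWED_CROSS_ZONE = {("IT", "DMZ", 443), ("DMZ", "OT", 4840)}
# Simplified firewall-log line format, constructed for this example.
LOG_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) action=(?P<action>\w+)")

def zone_of(ip):
    """Map an address to its zone; anything outside the known ranges is UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"

def parse_line(line):
    """Return the flow fields of one log line, or None if it does not match the format."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]), "action": m["action"]}

def find_violations(lines):
    """Return permitted flows that crossed a zone boundary the segmentation design does not allow."""
    violations = []
    for line in lines:
        flow = parse_line(line)
        if flow is None or flow["action"] != "allow":
            continue  # malformed line, or the firewall already blocked it
        src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
        if src_zone != dst_zone and (src_zone, dst_zone, flow["dport"]) not in ALLOWED_CROSS_ZONE:
            violations.append((src_zone, flow["src"], dst_zone, flow["dst"], flow["dport"]))
    return violations

# Constructed sample logs: two permitted paths, a direct IT-to-OT Modbus flow, a blocked SSH attempt, and an OT-to-IT SMB flow.
SAMPLE_LOGS = [
    "2025-01-06T10:01:02 src=10.10.3.7 dst=10.99.0.5 dport=443 action=allow",
    "2025-01-06T10:01:09 src=10.99.0.5 dst=10.50.1.20 dport=4840 action=allow",
    "2025-01-06T10:02:15 src=10.10.3.7 dst=10.50.1.20 dport=502 action=allow",
    "2025-01-06T10:02:30 src=10.10.3.7 dst=10.50.1.21 dport=22 action=deny",
    "2025-01-06T10:03:00 src=10.50.1.20 dst=10.10.3.7 dport=445 action=allow",
]
```

Running `find_violations(SAMPLE_LOGS)` reports the direct IT-to-OT Modbus flow and the OT-to-IT SMB flow; both are traffic that a correctly segmented network should never have allowed, and the reverse direction is worth flagging because it is how a compromised OT host would reach back into IT.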
All Eyes on 2025
As we look ahead to 2025, several trends are emerging in the world of cyberattacks on critical infrastructure:
- Increased State-Sponsored Attacks: As geopolitical tensions rise, we can expect state-sponsored threat actors to have critical infrastructure in their crosshairs. Their goal is often not immediate disruption but rather long-term access in preparation for future conflicts.
- Sophisticated Attack Methods: Attackers will continue to refine and hone their tactics, using tools that enable them to fly under the radar for longer periods. They will exploit unpatched externally facing systems and use hands-on-keyboard activity to maintain persistence and remain stealthy, says Erdman.
- The Internet of Things (IoT) and Critical Infrastructure: The skyrocketing adoption of IoT devices in critical infrastructure is a whole new smorgasbord of opportunities for bad actors. These devices often have security slapped on as an afterthought instead of built in from the ground up, making them prime and easy targets for exploitation.
- Cloud Migration Risks: As more critical infrastructure moves to cloud environments, the risk of cyberattacks soars. While cloud services offer scalability and cost savings, they also shatter the traditional perimeter and open up new vectors for potential breaches.
A Matter of National and Public Safety
The trend of rising cyberattacks on US critical national infrastructure in 2025 is a clear and present danger to national security and public safety. Malicious actors and state-sponsored groups have deep pockets and evil intentions and are growing increasingly sophisticated in their approach. They will exploit every possible vulnerability in IT and OT systems to get a foot in the door and maintain persistent access to critical networks.
To mitigate these risks, entities across the board must prioritize cybersecurity measures such as network segmentation, patch management, incident response planning, and regular security testing. As the threat landscape evolves, so must the industry’s strategies for defending against these deadly, sophisticated attacks.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.