As geopolitical lines harden, we are seeing a clear correlation between regional kinetic conflict and a surge in cyber threats targeting Operational Technology (OT) environments.
For industrial organisations in Australia and across Asia-Pacific, now is the time to strengthen resilience against an evolving breed of adversaries who view critical infrastructure as a viable and valuable target.
Recent kinetic attacks on critical infrastructure assets, particularly in the oil and gas sector across the Middle East, highlight the accelerating convergence of physical and digital warfare. Damage to large-scale processing facilities and disruptions to liquefied natural gas operations demonstrate how localised physical incidents can cascade into global supply chain shocks, with direct consequences for global markets.
However, the threat extends well beyond physical damage.
We are currently tracking a significant rise in GPS spoofing and jamming attacks. These tactics are designed to disrupt not only location services but also the precise time synchronisation that industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks rely on to operate safely. When time integrity is compromised, the control and safety mechanisms protecting highly volatile industrial processes are placed at serious risk.
At the same time, adversary groups are rapidly advancing their capabilities, moving beyond opportunistic disruption to highly coordinated, destructive operations. The threat group Bauxite illustrates this – once associated with basic hacktivism, it now demonstrates capabilities aligned with nation-state actors, including the deployment of wiper malware designed to destroy data and halt operations at scale.
Similarly, MuddyWater is expanding its geographic reach. Previously focused on the US and Israel, the group is now increasing reconnaissance and targeting activity across allied nations. Meanwhile, PYROXINE is leveraging AI-driven social engineering techniques to steal credentials, often targeting hypervisor systems to bridge the gap between traditional IT networks and sensitive OT environments.
Some security leaders may assume that geographic distance offers a buffer from the conflict. This is a dangerous misconception: digital networks are borderless, so adversaries can exploit weaknesses in corporate IT systems to access sensitive OT data.
Once attackers obtain the blueprints of an industrial environment, they can quickly move from corporate networks to operational systems, regardless of physical location. In an interconnected global economy, distance provides no protection when attackers can move laterally through supply chains.
Responding to this escalation requires immediate and practical changes.
- First, organisations must ensure that GPS-sourced network time protocol (NTP) servers incorporate internal reference clocks capable of detecting and mitigating spoofing or jamming attempts. Strong data loss prevention controls are also critical to stop adversaries from mapping OT environments via compromised IT systems.
- Second, incident response plans must be strengthened and regularly tested. This includes preparing for large-scale operational disruption and validating backup and restoration processes to withstand attacks such as ransomware.
- Third, OT architectures must be hardened. That means eliminating internet-exposed edge devices, strictly validating communications between IT and OT environments, and securing remote access through multi-factor authentication, strict identity controls, and video session recording. Continuous monitoring across OT networks and hosts should be treated as a standard defensive activity.
- Finally, vulnerability management must be prioritised, with aggressive patching of edge devices to close off common entry points.
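As an added illustration of the first recommendation (example code, not from the original article), the cross-check an internal reference clock lets a GPS-disciplined NTP server perform: the GPS-minus-holdover offset can only wander within the oscillator's drift envelope, so an abrupt step indicates spoofed time and a run of missing fixes indicates jamming. The thresholds, field names and 1 Hz telemetry below are assumed or constructed, not vendor specifications.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Sample:
    mono: float                # internal reference clock, seconds since boot
    gps_time: Optional[float]  # GPS-derived UTC seconds; None when no fix


def check_time_source(samples: List[Sample], max_drift_ppm: float = 1.0,
                      step_threshold: float = 1e-3, max_no_fix: int = 3
                      ) -> List[Tuple[int, str]]:
    """Cross-check GPS time against the internal holdover clock.

    The oscillator drifts at most max_drift_ppm against true time, so the
    GPS-minus-internal offset may only wander inside that envelope. A bigger
    jump means the GPS time moved, not the oscillator: report spoofing and
    keep serving from the internal clock. A run of max_no_fix missing fixes
    is reported as jamming. Thresholds are assumed values, not vendor specs.
    """
    alerts: List[Tuple[int, str]] = []
    trusted: Optional[Tuple[float, float]] = None  # (mono, offset) of last good fix
    no_fix_run = 0
    for i, s in enumerate(samples):
        if s.gps_time is None:
            no_fix_run += 1
            if no_fix_run == max_no_fix:
                alerts.append((i, "JAMMING_SUSPECTED"))
            continue
        no_fix_run = 0
        offset = s.gps_time - s.mono
        if trusted is None:
            trusted = (s.mono, offset)
            continue
        envelope = step_threshold + max_drift_ppm * 1e-6 * (s.mono - trusted[0])
        if abs(offset - trusted[1]) > envelope:
            alerts.append((i, "SPOOF_SUSPECTED"))
            continue  # hold over: do not adopt the suspicious GPS offset
        trusted = (s.mono, offset)
    return alerts


# Constructed telemetry: GPS agrees for 3 s, steps forward by 2 s, then is lost.
DEMO = [Sample(0.0, 1_700_000_000.0), Sample(1.0, 1_700_000_001.0),
        Sample(2.0, 1_700_000_002.0),
        Sample(3.0, 1_700_000_005.0), Sample(4.0, 1_700_000_006.0),  # +2 s step
        Sample(5.0, None), Sample(6.0, None), Sample(7.0, None), Sample(8.0, None)]

if __name__ == "__main__":
    for idx, alert in check_time_source(DEMO):
        print(f"sample {idx}: {alert}")
```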
The fallout from the Middle East tensions is reshaping the global threat landscape for critical infrastructure, and passive defence is no longer sufficient.
Organisations must adopt a proactive posture: conducting threat hunts based on current intelligence, enhancing monitoring to detect adversarial behaviour, and taking decisive steps to secure industrial environments.
The intelligence and the tools already exist. What’s required now is urgency and focus.
When all's said and done, the resilience of the critical services our societies depend on will be determined by the actions we take today.