Tuesday, March 17, 2026

Global Cybersecurity Threats Surge in First Quarter

Security firms report 40% increase in sophisticated attacks targeting critical infrastructure as state-sponsored actors and criminal organizations intensify operations.

WASHINGTON — The first quarter of 2026 has seen a dramatic escalation in cyberattacks targeting critical infrastructure, with security researchers documenting a 40% increase in sophisticated intrusions compared to the same period last year, according to a joint report released Tuesday by leading cybersecurity firms.

The report, compiled by CrowdStrike, Mandiant, and Microsoft's threat intelligence division, identifies energy grids, water treatment facilities, and healthcare systems as the primary targets. Perhaps most alarming, analysts detected a 67% increase in attacks that successfully penetrated operational technology networks — the systems that control physical infrastructure.

"We're seeing adversaries becoming bolder and more sophisticated," said George Kurtz, CEO of CrowdStrike. "The dwell time between initial compromise and detection has dropped, which is good news, but the speed at which attackers can cause damage has increased dramatically."

The report attributes much of the surge to three state-sponsored advanced persistent threat (APT) groups operating from Russia, China, and North Korea. These actors have increasingly shared tactics and tools, creating what analysts describe as a "marketplace of capabilities" that makes attribution more difficult.

Ransomware attacks, while not new, have evolved in concerning ways. The report documents the emergence of "dual extortion" tactics, where attackers not only encrypt data but threaten to release sensitive information publicly if ransom demands are not met. Average ransom payments have climbed to $2.2 million, up from $1.4 million in 2025.

"The economics of ransomware continue to favor attackers," said Sandra Joyce, head of global intelligence at Mandiant. "Until that calculus changes — through better defenses, international cooperation, or cryptocurrency regulation — we should expect the threat to grow."

In response to the escalating threat, the Cybersecurity and Infrastructure Security Agency (CISA) announced new mandatory reporting requirements for critical infrastructure operators, who must now disclose breaches within 72 hours. The agency also released updated guidelines for securing operational technology networks.

Private sector spending on cybersecurity is projected to reach $188 billion globally this year, yet security experts warn that investment alone cannot address the fundamental challenge: a global shortage of approximately 3.5 million skilled cybersecurity professionals.