The manufacturing sector has emerged as a prime target for cyber attackers in 2024, with a staggering 71% surge in active threat actors compared to the previous year, according to a recent report by Forescout Technologies.
Between 2024 and the first quarter of 2025, 29 threat actors were actively targeting this critical infrastructure sector, with a significant focus on operational technology (OT) systems.
Rising Threats in a Critical Industry
Among these, state-sponsored groups such as APT28, Volt Typhoon, and Emperor Dragonfly have intensified their efforts, blending espionage with disruptive tactics.
Their attacks often aim at industrial control systems (ICS) and OT environments, exploiting the sector’s increasing reliance on interconnected technologies like industrial IoT, 5G, and AI, which widen detection gaps and introduce complex security challenges.
The Forescout analysis reveals a disturbing trend of prolonged attacker dwell times, allowing threat actors to maintain access within compromised networks for extended periods before detection.
State-sponsored groups are not only focusing on strategic intelligence gathering but also deploying ransomware like RA World to cause operational disruption, often aligning their activities with geopolitical motives.
Alongside these sophisticated actors, cybercriminals dominate the picture: 79% of the identified attackers fall into that category, and 45% are specifically tied to ransomware operations, most of them gangs working under the Ransomware-as-a-Service (RaaS) model.
Evolving Tactics
RansomHub stands out as the most active, claiming 78 victims and executing massive data exfiltration events, stealing over 3.3 terabytes of sensitive data, including intellectual property and personal information.
Meanwhile, hacktivist groups like Handala and Cyber Army of Russia Reborn are adopting ransomware tactics to amplify disruption, further complicating the threat landscape.
According to the report, attackers are also leveraging legitimate cloud services for data exfiltration to evade security controls, alongside custom malware such as RansomHub’s Betruger backdoor and living-off-the-land techniques that minimize detection.
The abuse of remote monitoring and management (RMM) tools for persistence and command execution, coupled with endpoint detection and response (EDR) bypass tools like KillAV and TrueSightKiller, showcases a clear shift from traditional obfuscation to advanced evasion strategies.
Forescout’s report, based on the analysis of 17 cyber incidents, highlights the exploitation of vulnerabilities in VPNs, remote access solutions, and file transfer applications as common entry points, often facilitated by Initial Access Brokers.
As manufacturing organizations adopt emerging technologies, risks tied to cloud misconfigurations are expected to rise, alongside targeted attacks on OT assets due to their architectural vulnerabilities.
Looking ahead, the volume of attacks is projected to remain high, fueled by the expanding RaaS ecosystem that lowers the barrier for launching sophisticated campaigns.
Geopolitical influences are also anticipated to shape attacker behavior, with both state-backed and hacktivist groups likely focusing on critical manufacturing sub-sectors tied to national infrastructure.
To counter these evolving threats, Forescout urges manufacturers to adopt proactive security measures, including comprehensive asset inventories, IT-OT network segmentation, robust threat intelligence, and immutable backups.
Without such strategies, the sector risks severe operational and financial impacts from these relentless and increasingly complex cyber threats.
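Of the measures listed above, IT-OT segmentation is the one most often asserted but least often verified: a firewall sits between the zones, yet its rule base has drifted until enterprise hosts can reach controllers directly. The following is an added example, not code from the article or from Forescout, that audits observed flows against a declared zone policy. The zone address ranges, the allowed conversations (an enterprise-to-DMZ web port and a DMZ-to-control EtherNet/IP port) and the flow log lines are constructed for illustration; a real audit would take the zone map from the asset inventory and the flows from firewall or NetFlow exports.

```python
"""Audit observed network flows against an IT-OT segmentation policy.

Added example (not from the article or the Forescout report). Zone ranges,
allowed conversations and flow records are constructed for illustration.
"""
import csv
import io
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed Purdue-style zone map. Addresses outside every range are treated
# as unmapped, i.e. not in the inventory and therefore untrusted.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "idmz": ipaddress.ip_network("10.20.0.0/24"),
    "control": ipaddress.ip_network("192.168.100.0/24"),
}

# Sanctioned cross-zone conversations: (source zone, destination zone) -> ports.
# Enterprise may only reach the industrial DMZ; only the DMZ may reach control.
ALLOWED: Dict[Tuple[str, str], Set[int]] = {
    ("enterprise", "idmz"): {443},    # assumed: reporting portal in the DMZ
    ("idmz", "control"): {44818},     # assumed: historian collector to PLCs (EtherNet/IP)
}


@dataclass(frozen=True)
class Violation:
    timestamp: str
    src: str
    dst: str
    src_zone: str
    dst_zone: str
    dport: int
    permitted: bool  # True if the firewall allowed it: a segmentation gap, not just an attempt


def zone_of(ip: str) -> str:
    """Return the zone name for an address, or 'unmapped' if it is in no range."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unmapped"


def audit_flows(flow_csv: str) -> List[Violation]:
    """Return every cross-zone flow that the policy does not sanction."""
    violations: List[Violation] = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src_zone, dst_zone = zone_of(row["src"]), zone_of(row["dst"])
        if src_zone == dst_zone:
            continue  # intra-zone traffic is outside this check
        dport = int(row["dport"])
        if dport in ALLOWED.get((src_zone, dst_zone), set()):
            continue
        violations.append(Violation(row["ts"], row["src"], row["dst"],
                                    src_zone, dst_zone, dport,
                                    row["action"] == "allow"))
    return violations


def permitted_gaps(violations: List[Violation]) -> List[Violation]:
    """Violations the firewall let through: the rules to fix first."""
    return [v for v in violations if v.permitted]


# Constructed firewall flow export. Rows 2, 4, 5 and 7 break the policy; row 4
# was blocked by the firewall, the other three were allowed through.
SAMPLE_FLOWS = """\
ts,src,dst,dport,proto,action
2025-03-01T08:00:01Z,10.10.5.21,10.20.0.10,443,tcp,allow
2025-03-01T08:00:07Z,10.10.5.21,192.168.100.15,502,tcp,allow
2025-03-01T08:01:12Z,10.20.0.10,192.168.100.15,44818,tcp,allow
2025-03-01T08:02:30Z,10.20.0.10,192.168.100.15,3389,tcp,deny
2025-03-01T08:03:00Z,192.168.100.15,10.10.5.21,445,tcp,allow
2025-03-01T08:03:30Z,10.10.5.22,10.10.5.23,445,tcp,allow
2025-03-01T08:04:00Z,192.168.100.15,203.0.113.5,443,tcp,allow
"""

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        state = "PERMITTED" if v.permitted else "blocked"
        print(f"{v.timestamp} {v.src_zone}->{v.dst_zone} {v.src}->{v.dst}:{v.dport} {state}")
```

The report's point about attackers using legitimate cloud services for exfiltration shows up here as the last row: a controller-network host talking to an unmapped internet address on port 443, which the firewall allowed. Separating permitted violations from blocked ones matters because the former are rule-base defects to fix, while the latter are evidence that segmentation is holding and worth feeding to detection as attempted lateral movement.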