Manufacturing Still Leads Other Industries in Total Cybersecurity Incidents

May 7, 2025
A lack of major reported breaches last year doesn’t mean cybercriminals have slowed up attacks on manufacturers. According to reports from IBM and Verizon, the problem’s actually worse than ever.

Don’t get lulled into a false sense of cybersecurity just because you’re not hearing about manufacturers hammered with production losses or paying out massive ransomware demands. Threat actors are out there and waiting for you to lower your guard.

In 2023, Boeing refused a ransomware demand and the malware gang LockBit published sensitive data on the dark web. Dole’s systems got hacked, which led the company to shut down North American operations. And, of course, Clorox posted a 20% decline in net sales in its Q1 2024 earnings owing to arguably the worst cyberattack against a manufacturer in 2023.

Last year, on the other hand, was quiet when it came to manufacturing and cybercrime. If you head over to BleepingComputer and check out the list of biggest cyberattack stories last year, the closest you get to a manufacturing-related incident was the CDK Global attack upon car dealerships that affected dealers for Stellantis, Ford and BMW.

But that’s because we only hear about the big attacks. Two recently released annual cybersecurity reports, IBM’s X-Force Threat Intelligence Index and Verizon’s Data Breach Investigations Report (DBIR), repeated warnings about the dangers manufacturers face from cybercriminals.

“Only publicly traded companies have to report breaches, and only when material. That could create some of the disconnect in terms of what you’re reading in the news and what’s actually occurring across that sector,” says Chris Caridi, cyber threat and strategic threat analyst at X-Force.

X-Force to the Rescue

This year’s Threat Intelligence Index says threat actors have broadened the scale of their cybercriminal activities, taking advantage of reliance on interconnectivity and common services. Third-party cybersecurity becomes more relevant than ever in today’s environment. Supply chain becomes the broad attack surface.

  • The report specifies manufacturing as the number one targeted industry for the fourth year in a row, citing outdated legacy technology as the chief vulnerability.
  • The Asia-Pacific region, a supply chain hub for so many companies, saw the largest share of manufacturing-related incidents at 56%.
  • Nearly a third of attacks studied for the report involved use of valid account credentials—employees are your biggest cybersecurity threat.

In other words, it’s mostly business as usual on the cybersecurity front. What changed according to the report, however, is the rise of the “infostealer,” malicious software that sits quietly in the background siphoning data (like login credentials) to serve as ammunition for future attacks.

The report says threat actors now use generative AI to increase the effectiveness of phishing attacks. GenAI also serves as an excellent tool to build fake websites. And AI tech carries its own suite of vulnerabilities for threat actors to discover and leverage. As companies increasingly adopt AI, they may inadvertently broaden their attack surfaces.

Threat actors increasingly use cloud hosting services for phishing campaigns. What’s the number one, best way to identify a phishing email? Look at who sent it. An email from an address at “badserver.com” probably wasn’t written by someone with a legit need to get your username and password.

But what if instead of hailing from “badserver.com” the email comes from a cloud hosting service with a familiar URL? Just by making sure the name of the person from whom you received the email doesn’t seem suspicious, the threat actor just increased the chances of an unaware employee clicking through a link, logging into a fake company website and handing over the keys to the kingdom.

More Ransomware, Cheaper Ransoms

Verizon’s report cites credential abuse as responsible for 22% of cyberattacks in 2024, less than X-Force reported but still the No. 1 attack vector. Exploitation of vulnerabilities came in close behind at 20%.

  • Ransomware was involved in 44% of all breaches, up from 32% last year
  • The median ransomware amount dropped from $150,000 to $115,000, though 64% of victim organizations (like Boeing) didn’t pay up
  • 60% of breaches involved a human element
  • 30% of breaches involved a third party, up from 15% in 2023
  • 81% of those breaches led to system intrusions (third parties create highways that feed straight into your servers)

The Verizon report also warns security professionals to be on the lookout for better phishing, thanks to GenAI use by threat actors – synthetically generated text appearing in phishing emails twice as often as last year. Using the GenAI platforms themselves still represented the larger threat from the technology. Just using the tools increases the attack surface.

On manufacturing specifically:

  • 1st place for total incidents last year
  • 2nd (behind “other”), at 17%, for top victims by industry of ransomware attacks
  • Data breaches doubled from last year
  • 20% of manufacturing breaches were related to espionage (but Verizon notes that differences in data sets, i.e. which organizations donate data for the report, could account for this)
  • 47% of manufacturing breaches involved ransomware

So Where Are the Hacks?

Both reports make clear the continuing popularity of manufacturing as a primary target for threat actors. So why did we hear nothing about major attacks last year?

“While 2024 also brought several high-profile breaches in the manufacturing sector – such as the ransomware attack at CDK Global – these events were overshadowed by the focus on massive breaches in other sectors, including across telecommunications and healthcare. Compared to 2023, when breaches like Clorox dominated headlines, manufacturing-targeted threats in 2024 remained persistent but received less attention,” Caridi says.

Charles Henderson, executive vice president of cyber security services at Coalfire (and former leader of the X-Force team at IBM), cites stealth as a possible reason why last year sounded quiet but probably wasn’t.

“An important thing to note is that if a company doesn’t know they’ve been hacked, they won’t be reporting an incident. Most nation-states are sufficiently sophisticated that if they were lurking in critical infrastructure (e.g. Russia) or exfiltrating intellectual property (e.g. China), they may not be detected until years after the fact,” Henderson says.

“The other thing to remember is that just because an organization is compromised (i.e. suffers some kind of security incident), that doesn’t mean there will be a complete takedown of their systems or even a ‘material’ impact. So, the general public might not hear about it, but it doesn’t mean those incidents aren’t occurring.

“There are also plenty of companies that don’t fall under the purview of the SEC’s rules, and some companies are getting better at improving their time to respond, which lessens the impact downstream,” Henderson concludes.

All Quiet on the Cyber Front…Not Really

Erich Kron, security awareness advocate at KnowBe4, says the noise in the media only comes from attacks on the biggest manufacturers and over 90% of manufacturing companies have fewer than 100 employees.

“The small size of these organizations is going to impact the reporting statistics greatly. With small organizations being the norm, there are going to be far less regulatory requirements for reporting than there are for the larger organizations. In addition, national and global news organizations are not likely to regularly report on a successful ransomware attack on an organization with 20 employees, as that’s simply not headline worthy,” Kron says.

“Organizations, especially larger ones, are becoming more resilient and able to successfully defend against ransomware attacks thanks to the resources available to them. Unfortunately, smaller ones do not have this luxury and are more likely to fall victim.

“According to a report from cybersecurity firm BlackFog, in 2024 there were 789 disclosed ransomware attacks, and there were 5159 of them that were undisclosed.”

So, don’t be lulled into inaction or unawareness just because you aren’t seeing virtual blood reported on the front page. Stay on top of your cybersecurity hygiene and prevent ever having to decide whether or not to cut that check to the criminals holding your data hostage.

About the Author

Dennis Scimeca

Dennis Scimeca is a veteran technology journalist with particular experience in vision system technology, machine learning/artificial intelligence, and augmented/mixed/virtual reality (XR), with bylines in consumer, developer, and B2B outlets.

At IndustryWeek, he covers the competitive advantages gained by manufacturers that deploy proven technologies.