Manufacturing sector hit hardest by ransomware in 2024 Q4

Cybersecurity firm Dragos has released its latest research identifying the manufacturing sector as the most frequently targeted by cyber-attacks, particularly ransomware, in the last quarter of 2024.

The analysis revealed more than 600 ransomware incidents affecting industrial sectors globally in the fourth quarter of 2024, marking an increase from the numbers recorded in Q3.

Dragos reported that manufacturing was the hardest hit, bearing 70% of ransomware activities within industrial sectors. Out of the total ransomware incidents observed, 424 took place in the manufacturing sector.

The data indicated an upward trend in ransomware incidences, with newly branded or rebranded ransomware groups surfacing or partnering with existing adversaries to execute attacks using sophisticated tactics, techniques, and procedures (TTPs). The coalescence of operational and strategic motives has led to the theft of sensitive industrial data, disruptions to operations, and financial losses.

Key findings highlighted the extent of impact across various sectors. While manufacturing led with 424 incidents, the industrial control systems (ICS) equipment and engineering sector registered 58 incidents, or 10% of total activity. Meanwhile, the transportation sector encountered 69 incidents, and the oil and natural gas industry reported 19 incidents.

Other sectors like government, water, mining, renewables, and datacentres faced fewer attacks, with counts ranging from two to five.

Geographically, North America was the most affected region, with 308 reported incidents constituting about 51% of global ransomware activities, predominantly in the United States. Europe experienced 168 incidents, with the UK, Germany, and Italy as principal targets. Asia accounted for approximately 70 incidents. South America, the Middle East, Oceania, and Africa reported fewer incidents, with 19, 13, 14, and 7 attacks respectively.

Throughout the final quarter of 2024, ransomware groups were noted to swiftly alter their tactics and alliances. Prominent groups such as RansomHub, LockBit3.0, and Play continued to exert influence, while emerging threats deployed modern tactics and built affiliate networks.

Attacks often exploited IT vulnerabilities, such as unpatched VPN devices, outdated firewall firmware, and insufficient backup protocols, leading to operational disruptions in impacted environments.

The manufacturing, transportation, and ICS engineering sectors remained focal targets due to their vulnerabilities in remote access and credentials management.

Dragos emphasises the importance of certain cybersecurity measures to mitigate these threats.

Organisations are urged to enforce multi-factor authentication (MFA), closely monitor critical ports, keep offline backups, and reinforce remote access protocols. Enhanced training for personnel and regular network architecture evaluations are also deemed critical in counteracting the continually evolving ransomware strategies.

The report underscores the necessity for proactive defence strategies, robust threat intelligence sharing, and collaborative efforts to mitigate risks as the ecosystem of ransomware continues to diversify and adjust.

Protecting the integrity of critical infrastructure and industrial operations will require sustained vigilance and adaptation.