Leading cyberattack against manufacturing sets record in Q1
What you’ll learn:
- GuidePoint reports a high of 2,063 separate ransomware victims (a 102% increase) and some 70 active ransomware groups (a 55.5% spike and a new quarterly record).
- A 75% increase in actively exploited flaws compared to the first quarter of 2024.
- 59% of observed ransomware victims in Q1 2025 were based in the U.S.
- According to Armis, 87% of IT decision-makers worry about cyberwarfare's impact on their organizations, a 34% increase over 2024.
Ransomware, consistently a leading cyber weapon pointed at U.S. manufacturing, had a record first quarter of 2025, with a 102% spike in victims and a more than 50% increase in the number of groups carrying out that type of data incursion, according to a new report by Herndon, Virginia-based GuidePoint Security.
Another release out this week by San Francisco-based cybersecurity and "exposure management" provider Armis reported that nearly three-quarters of IT decision-makers globally, including those at manufacturers, express concern that nation-state actors are using AI to develop more sophisticated and targeted cyberattacks.
All indications show manufacturing's in the crosshairs
Manufacturing was ranked by the IBM X-Force Threat Intelligence Report as the top targeted sector for the third year in a row last year, and this trend apparently is continuing in 2025.
This week, GuidePoint’s Ransomware and Cyber Threat Report for Q1 2025 revealed an all-time high for the report of 2,063 ransomware victims (a 102% increase) and some 70 active ransomware groups (a 55.5% year-over-year spike).
“This record-breaking quarter was no coincidence,” said Grayson North, principal security consultant for the report.
“We’re tracking more active ransomware and extortion groups than ever before, with a noticeable rise in high-volume attacks from emerging players formed out of disrupted gangs, like LockBit and AlphV. The pressing question now is whether this surge represents a residual short-term spike or the beginning of a dark year for ransomware victims.”
Other findings from GuidePoint's report for Q1 2025:
- Manufacturing and the retail and technology industries were most heavily impacted by ransomware in Q1 2025, which ended on March 31. The nonprofit sector also saw a dramatic surge in ransomware attacks, with these incidents doubling quarter-over-quarter.
- A 75% increase in actively exploited flaws compared to the same period in 2024, with 12,333 vulnerabilities reported in Q1 alone.
- 59% of observed ransomware victims in Q1 2025 were based in the U.S., the highest proportion seen to date.
“While historical trends suggest we could see a seasonal slowdown as we approach the summer, the threat landscape remains volatile,” North added. “A single large-scale exploit—like those we've seen from Clop—could once again shift the ecosystem’s trajectory. The conditions for another record-breaking year are firmly in place. It’s now up to the defenders to change that narrative.”
According to GuidePoint, Clop, the Russian-speaking data extortion gang, drove the record-high increase in ransomware attacks, claiming 348, or about 17%, of the 2,063 victims.
RansomHub, the most prolific ransomware-as-a-service (RaaS) group, posted 236 victims throughout Q1 2025, or 11.4% of all observed victims. GuidePoint observed a new quarterly record high of 70 named ransomware or data extortion groups.
Armis sees AI supercharging global cyberwarfare
Meanwhile, the Armis report said a clear majority of IT decision-makers—64%—agree AI is challenging the geopolitical status quo, allowing smaller nations and non-state actors to emerge as near-peer cyber threats. Nearly three-quarters (73%) of those IT decision-makers globally express concern about nation-state actors using AI to develop more sophisticated and targeted cyberattacks, according to Armis.
“AI is enabling nation-state actors to stealthily evolve their tactics to commit acts of cyberwarfare at any given moment,” said Nadir Izrael, CTO and co-founder of Armis.
“At the same time, threats are emerging at overwhelming rates from smaller nations and non-state actors leveraging AI to elevate to near-peer cyber threats. It is imperative that cybersecurity leaders shift their programs left of boom, enabling them to stop cyberattacks capable of crippling their operations before there’s any impact to their organization.”
According to Armis, 81% of IT leaders say moving to a proactive cybersecurity posture is a top goal for their organizations in the year ahead, but nearly three in five (58%) organizations admit that they only respond to threats as they occur, or after the damage has already been done.
Market consolidation, complex regulatory landscapes and gaps in legacy security tools have challenged organizations’ abilities to stay ahead of threats, Armis said in a release. While many wish to implement AI-driven cybersecurity tools in a proactive defense move, half of IT decision-makers surveyed acknowledge their teams “lack the necessary expertise to implement and manage the technology.”
More findings from the Armis release:
- 85% of IT decision-makers confirm that offensive techniques regularly bypass their security tools.
- Only 53% of IT leaders believe their governments can defend organizations and citizens against acts of cyberwarfare, while just 33% strongly agree that their own organization is prepared to handle a cyberwarfare attack and respond to related threats.
- Globally, IT decision-makers consistently point to three dominant state-sponsored threats: Russia (73%), China (73%) and North Korea (40%).
- 72% of IT leaders believe that the cyber capabilities of nation states have the potential to trigger a full-scale cyberwar, with devastating consequences for global critical infrastructure, including utilities.
- Three-quarters (75%) of IT decision-makers believe cyberwarfare attacks will increasingly target institutions representing free press and independent thought—a sharp rise from last year’s 42%.
“Current industry dynamics create an appealing environment for malicious actors to intensify their efforts through automated AI offensive-driven technologies,” added Michael Freeman, who is head of threat intelligence at Armis.
“Organizations that leverage proven AI security solutions will realize a greater impact in their ability to equip their teams with the resources and time they need to anticipate the tactics that could be used against them and harden their environments in response.”