Manufacturing sector most targeted by cyber threat actors during Q3

London, UK– Leading industrial cybersecurity solutions provider, Dragos has revealed manufacturing as the most likely industrial sector to fall victim to cyber-attacks, with the sector facing 394 unique attacks across Q3 2024 – 71% of all ransomware incidents across key industries.

Dragos assesses with moderate confidence that ransomware activity targeting industrial organisations will continue to escalate into the future, driven by financially and ideologically motivated actors. The shift from traditional financial extortion to operational sabotage, particularly by hacktivist personas, compounds these risks. This convergence of motivations further blurs the line between cybercrime and cyberwarfare, requiring enhanced defenses for ICS and OT environments.

The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing entities, expansion of initial access broker operations, and proliferation of illicitly traded tools. Ransomware operators increasingly demonstrated their ability to pivot in response to disruptions during the third quarter, leveraging technological advancements and strategic realignments to maintain their operations.

Some other key industry figures from Q3 include:

• The transportation sector faced 38 incidents, representing 7% of all observed incidents.
• Communications and electric each experienced 17 and 13 incidents, collectively making up approximately 5% of ransomware incidents
• Oil and natural gas (ONG) recorded 13 incidents, reflecting 2% of the total incidents
• Government sector entities faced 12 ransomware incidents, making up 2% of the total incidents
• Water and wastewater entities faced 5 ransomware incidents
• Mining faced 3 ransomware incidents
• The data centre sector faced 1 ransomware incident

The third quarter of 2024 highlighted the ongoing evolution of ransomware threats. Established groups like RansomHub, LockBit3.0, and Play maintained prominence while new actors emerged to exploit vulnerabilities in IT and OT environments.

The industrial sector, particularly manufacturing and ICS equipment and engineering, remained a prime target, with ransomware operators leveraging advanced tactics and exploiting weak credential practices and vulnerabilities in remote access systems.

North America experienced the highest number of ransomware incidents, accounting for 304 attacks (approximately 55% of global ransomware activity). Most of these targeted the United States and Canada, with adversaries focusing on critical sectors such as manufacturing, utilities, and healthcare. Europe was the second most impacted region, with 119 incidents (approximately 22% of global ransomware attacks). The United Kingdom, Germany, and Italy were among the most targeted countries, with attacks primarily affecting manufacturing, transportation, and technology sectors.

Organisations must prioritise strong cybersecurity measures to mitigate these threats, including monitoring critical ports, enforcing multi-factor authentication (MFA), maintaining offline backups, and securing remote access. Enhanced personnel training and continuous assessment of network architecture are critical to defending against evolving tactics.

As the ransomware landscape continues to fragment and adapt, proactive defences, intelligence sharing, and collaboration will remain essential to protecting critical infrastructure and industrial operations.

Check out the full analysis here: https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q3-2024/