Despite companies’ constant vigilance aimed at thwarting bad actors, evidence suggests that the prevalence and severity of cyber threats are only getting worse.
Honeywell, a global technology and manufacturing company that also offers cybersecurity solutions, documented a 46% increase in ransomware extortion incidents between Oct. 1, 2024, and March 31, 2005, compared to the immediately prior six-month period.
A Trojan called Win32.Worm.Ramnit, which typically targets the banking sector to steal account credentials, was contained in 37% of files blocked by Honeywell’s SMX product. That was a 3,000% increase from the second quarter of 2024, the last time Honeywell reported on it.
Given the Trojan’s saturated presence in the ecosystems of Honeywell’s industrial customers, “it can likely be assumed it has been repurposed to extract control system credentials,” Honeywell wrote in its study report. “Despite the absence of new ransomware variants specifically designed for industrial control systems, existing adversaries continue to disrupt operations across critical sectors.”
During the reporting period, 1,929 ransomware attacks were publicly documented. A large majority (71%) occurred in eight verticals, with manufacturing, construction, healthcare and technology companies seeing the most impact.
That was a fairly unusual pattern, as ransomware attacks tend to be “more opportunistic, typically creating a normal distribution of attacks across different industries,” Honeywell wrote.
According to the report, manufacturing plants, water treatment facilities and energy providers have had to deal with forced production outages, manual failovers and supply chain interruptions due to ransomware-induced shutdowns.
In response to the increased threats, during the reporting period, some companies “doubled down on best practices that would be considered baseline,” Honeywell said. Such practices include, for example, immutable data back-ups and regularly scheduled vulnerability assessments.
As of October 2024, more than $1 billion in ransomware had been paid out by victimized companies, according to Honeywell.
Another new report on cybersecurity, from the Information Security Media Group, put the spotlight on artificial intelligence, which it said has become the “defining force” of cybersecurity-caused disruption.
While organizations are using AI to scale response capabilities and automate threat detection, “adversaries are using the same technologies to enhance phishing, generate polymorphic malware, and conduct identity fraud with unprecedented precision,” the ISMG report said.
ISMG also noted that the convergence of AI and quantum computing “further signals a critical shift requiring crypto-agility and forward planning.”
The data was culled from Honeywell’s cybersecurity solutions, which analyzed 253 million logs, scanned 79 million files, and triaged 4,600 cybersecurity events during the recent six-month period.
