惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
N
News and Events Feed by Topic
C
Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
A
Arctic Wolf
Scott Helme
Scott Helme
P
Palo Alto Networks Blog
S
Schneier on Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
量子位
G
Google Developers Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
NISL@THU
NISL@THU
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
AWS News Blog
AWS News Blog
爱范儿
爱范儿
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
L
LINUX DO - 最新话题
Security Archives - TechRepublic
Security Archives - TechRepublic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Secure Thoughts
Cloudbric
Cloudbric
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
TaoSecurity Blog
TaoSecurity Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
有赞技术团队
有赞技术团队
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
P
Proofpoint News Feed
V
V2EX
Martin Fowler
Martin Fowler
C
CERT Recently Published Vulnerability Notes
Attack and Defense Labs
Attack and Defense Labs
C
CXSECURITY Database RSS Feed - CXSecurity.com
The Cloudflare Blog
SecWiki News
SecWiki News
罗磊的独立博客
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
The Last Watchdog
The Last Watchdog

Check Point Blog

AI Appreciation Day: Let's Be Honest About What We're Appreciating - Check Point Blog AI Security Is Never Finished: Building the Continuous Red Teaming Loop  - Check Point Blog AI Security Threats in 2026: Annual Insights from Check Point Research - Check Point Blog AI Agents are Only As Effective as Their Harness - Check Point Blog Email Agent Hijacking: The Hidden Threat That Breaks Post-Delivery Security - Check Point Blog How Check Point Email Security Stopped a Student Job Scam Before It Reached the Inbox - Check Point Blog Redefining the CISO Contract: From Securing the Business to Securely Doing Business - Check Point Blog A New Ransomware Leader Emerges as June 2026 Attack Volumes Climb Worldwide How Unified Policies Close Security Gaps - Check Point Blog Under Pressure: Insights from the 2026 Exposure Gap Report - Check Point Blog When AI Invents the Attack: Browser-Native Ransomware - Check Point Blog Check Point and the AWS European Sovereign Cloud: Securing Europe’s Digital Future - Check Point Blog Shadow AI Is Not a Tool Problem. It's a Timing Problem. - Check Point Blog AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next - Check Point Blog 90% of the World's Businesses are SMEs and MSMEs and AI Is Reshaping Both Their Future and Their Risk - Check Point Blog Prevention Before the Inbox: Reading the Microsoft Defender Benchmark Report in Context - Check Point Blog ClickFix: The Attack That Turns Users Into Their Own Attackers - Check Point Blog From Prompt Testing to AI Red Teaming at Enterprise Scale - Check Point Blog AI Has Moved From Assistance to Action. Is Your Security Model Ready? AI Security Governance: How to Secure AI Agents, Copilots, and Autonomous AI in 2026 - Check Point Blog OpenAI Frontier AI Models Powering Check Point's Leading Cyber Security Solutions The Operational Reality of Zero Trust- And How You Can Change It - Check Point Blog Amazon Prime Day 2026: Bargains Begin June 23 — and So Do the Scams - Check Point Blog Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security - Check Point Blog What Successful Exposure Management Deployments Had in Common in 2026 - Check Point Blog From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers - Check Point Blog AI Red Teaming Makes the Unknowns Known - Check Point Blog Check Point and Illumio Expand Partnership to Secure Hybrid Environments - Check Point Blog The NCSC Patch Wave Is Coming. Do You Know Where Your Risk Lives? - Check Point Blog NCSC Warns of AI-Driven Patch Wave: Is Your Attack Surface Ready? Energy, Healthcare, and Finance: Why Midwest Industries Are Facing Surging Cyber Attacks - Check Point Blog Midwest Cyber Attacks Surge in 2026: Energy, Healthcare, and Finance Under Growing Threat Travel Phishing and Cyber Attacks are Surging in 2026, Growing 122% over the last 3 years. Here's What Cyber Criminals Are Actually Doing - Check Point Blog Travel Phishing Scams Surge 122%: How Cybercriminals Are Targeting Travelers in 2026 The AI Your Security Team Can’t See Is the One You Should Worry About Check Point Engage Public Sector 2026: AI Is the New Battlefield Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative When Your AI Agent’s Memory Becomes a Security Liability AI Agents Are Becoming Enterprise Workers. Who Secures Them? Global Cyber Attacks Ease in May 2026, But Ransomware Surges 48% As Threats Reorganize Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) Fraud, Ransomware, and Fake Apps Are Already Targeting FIFA 2026 The AI Defense Plane: Securing the New Enterprise Execution Layer The Meta AI Account Recovery Incident Wasn’t Just a Chatbot Problem Check Point Lays the Groundwork for the Future of AI Factory Security with NVIDIA - Check Point Blog Check ... The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box The Server Seizure That Affects Also Iran’s Cyber Operations The Autonomous Security Platform Built for Attacker Speed Check Point Frontier AI Models Readiness Program – Security Update 2026 Cloud Security Report: Why Traditional Network, Cloud, and Security Architecture Are Lagging Behind t ... AI Attacks Are No Longer Experimental: Key Findings from the March-April 2026 AI Threat Landscape - Check ... Protect GenAI Chatbots with Check Point WAF The Network Security Problem No One Could Solve – Until Now. Hacktivists, Ransomware, and a 124% Surge Across DACH The Case for a Vulnerability Operations Center Before the First Whistle: How Cyber Criminals Are Targeting World Cup 2026 - Check Point Blog World Cup 20 ... When the Ransomware Gang Gets Hacked: What the Gentlemen Leak Reveals About Modern Ransomware Risk - Check ... Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation Q1 2026 Ransomware Report: Fewer Groups, Higher Impact - Check Point Blog World Password Day 2026: Why "Strong Passwords" Can’t Save You from AI, Infostealers, and the Telegram Underground - Check Point Blog Resilient by Design: When the Network Itself Becomes the Target AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models Check Point Cyber Security Now Available Across All Levels of U.S. Government - Check Point Blog Check Poi ... VECT Ransomware: Why Paying Won’t Get Your Files Back Check Point WAF Leads Application Security-Validated by Frost & Sullivan Check Point WAF Leads Application ... From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud Experience AI-Powered Check Point Firewall at Google Cloud Next AI Finds Every Gap: How Many Can Your Network Survive? The Gentlemen RaaS Is Surging in 2026 The Phishing Paradox: The World’s Most Trusted Brands Are Cyber Criminals’ Entry Point of Choice World Quantum Day 2026: The Harvest Has Already Begun, Are You Prepared? March 2026 Cyber Threat Report: Ransomware & GenAI Risk PS Private Training: Turning Cyber Complexity into Operational Control Tax Season 2026: How Cyber Criminals Are Preparing Their Attacks Months in Advance Claude Mythos Wake-Up Call: What AI Vulnerability Discovery Means for Cyber Defense Iran-nexus Password Spray Campaign Targeting Cloud Environments, with a Focus on the Middle East ROI of Hybrid Mesh Network Security (IDC Study 2026) Operation TrueChaos: TrueConf Zero‑Day Supply‑Chain Attack ChatGPT Data Leak (Fixed Feb 2026): Key Takeaways Spring Cleaning Has Arrived: Meet the New Check Point Portal Experience North America’s Cyber Security Threat Reality in 2026
Why Manufacturing Cyber Security is Becoming More Complex as Cyber Attacks Accelerate
lizwu@checkpoint.com · 2026-04-13 · via Check Point Blog

The global manufacturing sector entered 2025 facing one of the most aggressive cyber threat environments in its history. Digital transformation, smart factories, and interconnected supply chains have expanded operational efficiency to places 50 years ago we wouldn’t have thought possible. But, this comes with unprecedented cyber risk. According to the Manufacturing Threat Landscape 2025 report, cyber incidents targeting manufacturing increased sharply year over year, placing the industry at the center of global ransomware activity.

Manufacturing Becomes the Primary Ransomware Target

In 2025, global ransomware incidents reached 7,419 documented cases, representing a 32 percent increase year over year. Manufacturing was the most targeted industry sector. Attacks against manufacturers rose 56 percent, increasing from 937 incidents in 2024 to 1,466 in 2025.

The financial reasoning of attacking manufacturers is the fact that downtime can cost millions per day, disrupt safety of critical operations, and cascade across global supply chains. Threat actors increasingly view production disruption as leverage rather than collateral damage.

The United States led globally with 713 manufacturing ransomware incidents, followed by India (201), Germany (79), the United Kingdom (65), and Canada (62). These figures show that both mature and emerging industrial economies face similar exposure levels.

Manufacturing Top 5 Targeted Countries 2025

Why Manufacturers Are So Vulnerable

Three structural weaknesses continue to drive manufacturing cyber risk.

  1. First, legacy operational technology systems remain deeply embedded in industrial environments. Many programmable logic controllers, SCADA systems, and industrial IoT devices were never designed with modern security controls. In Europe, 80 percent of manufacturers still operate critical OT systems with known vulnerabilities, making exploitation both feasible and repeatable.
  2. Second, supply chain complexity has expanded the attack surface. In 2025, supply chain attacks nearly doubled, rising from 154 incidents in 2024 to 297 in 2025. Threat actors increasingly compromise smaller vendors, managed service providers, or SaaS platforms to gain indirect access to large industrial targets.
  3. Third, ransomware-as-a-service operations have matured. Affiliate-based models allow threat groups to scale attacks rapidly, reuse proven tooling, and localize campaigns by geography and industry.

Read the manufacturing threat landscape now.

The Threat Actors Driving Industrial Attacks

Several ransomware groups dominated manufacturing attacks in 2025.

Manufacturing Top 10 Threat Actors

Akira, active since 2023, emerged as one of the most financially successful groups, generating an estimated $244 million in proceeds by late 2025. Akira commonly gains access through VPNs without multifactor authentication, exploited vulnerabilities, and spear phishing. A notable 2025 incident involved a German cable manufacturer, where 27 GB of sensitive data was exfiltrated before encryption.

Qilin, a Russiabased ransomware-as-a-service operation, focused heavily on manufacturing and logistics. In one 2025 attack, Qilin stole 29,843 internal files from a manufacturing and logistics firm, creating downstream supply chain risk beyond the initial victim.

Play ransomware continued to impact U.S. manufacturers, with the FBI reporting approximately 900 affected entities by mid2025. Play is known for abusing valid credentials and disabling security controls prior to encryption, increasing operational impact.

Alongside ransomware groups, hacktivist and geopolitical actors such as NoName057(16) and Chinese – aligned defacement groups targeted industrial entities with denial-of-service attacks, OT reconnaissance, and public website defacement, particularly during periods of geopolitical tension.

The Most Common Attack Paths Into Manufacturing Networks

Manufacturing Attack Vectors

Ransomware remained the dominant threat vector, responsible for 890 manufacturing incidents in 2025. However, attackers used multiple entry points to gain access.

  • Exploited vulnerabilities accounted for 32 percent of attacks, frequently targeting legacy OT systems and public facing applications
  • Phishing and malicious email campaigns represented 23 percent of incidents, increasingly enhanced with AI-generated lures
  • Compromised credentials became more valuable, with industrial access credentials selling for $4,000 to $70,000 on dark web marketplaces
  • Supply chain compromise and remote access abuse enabled attackers to move laterally between IT and OT environments with limited detection

Beyond encryption, attackers also deployed data theft, extortion-only tactics, and information system disruption, reflecting a broader shift away from single vector attacks.

Regional Impact Highlights

In Europe, manufacturing represented 72 percent of industrial ransomware attacks in Q3 2025. Average ransom demands reached $1.16 million, more than double the previous year. High profile incidents disrupted automotive, aerospace, and transportation supply chains across multiple countries.

In the United States, manufacturing was the most attacked sector for the fourth consecutive year, with ransomware comprising nearly half of all industrial breaches. Median attack costs reached $500,000, excluding long-term operational losses.

India emerged as the APAC ransomware epicenter, with 65 percent of affected companies paying ransoms and average payments reaching $1.35 million, particularly within manufacturing and critical IT services.

A Manufacturing Cyber Security Reprioritization is Needed

A manufacturing cyber security shift is needed to reprioritize the following things:

  1. Manufacturers must implement Zero Trust architectures across both IT and OT environments, enforcing strict identity validation, least privilege access, and network segmentation.
  2. Vulnerability management and patching remain critical, particularly for VPNs, internet facing applications, and OT gateways. Patching and compensating controls, must be implemented in hours and not days/weeks, per the CTEM framework.
  3. Credential management must be significantly improved, from detecting leaked credentials, to implementing SSO/MFA.
  4. Immutable, offline backups are essential, as attackers increasingly target backup infrastructure.
  5. Employee training also requires renewed focus, as AI-assisted phishing continues to evolve.
  6. Finally, third-party risk management has become a core security function. Vendor access, SaaS integrations, and managed services now represent primary attack vectors rather than secondary concerns.
2026 Manufacturing Security Forecast

Cyber threats targeting manufacturers are expected to intensify further in 2026. AI-enabled ransomware, faster attack execution, reduced dwell time, and a continued shift toward data extortion are projected to define the next phase of industrial cyber risk.

Read the manufacturing threat landscape  to see what else shaped 2025 and what needs to be shifter in 2026.