Industrial automation systems worldwide are facing an unprecedented scale of cyber threats: security researchers detected 11,679 distinct malware families targeting critical infrastructure in the first quarter of 2025. This figure, revealed in a comprehensive threat landscape report from Securelist, underscores the sophisticated and diverse nature of attacks on industrial control systems (ICS) across sectors; approximately 21.9% of monitored industrial computers had malicious activity blocked during the period. Securelist researchers identified a multi-stage attack methodology employed against industrial targets, in which initial compromise typically leverages internet-based threats, including malicious scripts, phishing pages, and compromised websites. Among industrial sectors, biometrics technology implementations emerged as particularly exposed, showing the highest percentage of systems targeted and being the only sector to record an increase in attack attempts compared with the previous quarter. The internet remains the dominant attack vector, with researchers noting significant abuse of legitimate platforms, including content delivery networks (CDNs), cloud storage services, and messaging applications, to distribute malicious code. These initial infection vectors then deliver more dangerous payloads, including spyware, ransomware, and cryptominers, establishing persistent access within industrial networks and potentially enabling lateral movement to more sensitive systems. Attackers often repeat the same tactics, techniques, and procedures (TTPs) during network traversal, in particular reusing malicious scripts and established command-and-control (C2) channels to move laterally within industrial networks.
Cybersecurity experts have identified a concerning trend in the malware landscape: threat actors are increasingly leveraging fileless techniques to circumvent traditional security measures. Initial access typically begins with users visiting compromised websites reached through targeted phishing campaigns, with attackers increasingly using legitimate internet services to bypass security controls. In analyzing the attack chains, researchers found that threat actors frequently deployed malicious scripts that function as droppers or loaders for more sophisticated malware. A particularly concerning trend is the strong correlation between malicious scripts and phishing pages and subsequent spyware infections, which reached higher levels in the first three months of 2025 than during the same period in 2024. The report also points to financially motivated threat actors increasingly hijacking industrial computing resources for cryptocurrency mining, potentially causing operational disruptions, increased energy costs, and reduced system performance in critical manufacturing environments.

Security experts recommend that industrial organizations implement policy-based blocking of potentially vulnerable services, particularly within operational technology (OT) networks where such services are rarely required. Special attention should also be paid to removable media, network folders, and infected backup files, which remain common vectors for worms and viruses attempting to propagate through industrial networks. As these threats continue to evolve, comprehensive security monitoring and network segmentation have become essential components of an industrial cybersecurity strategy.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 16 May 2025 12:29:55 +0000