The State of Cyber Security in Manufacturing: 2025 Year in Review
The manufacturing sector has faced an increasingly hostile cyber landscape throughout 2025.
Ransomware, supply chain attacks, industrial IoT vulnerabilities, and state-backed espionage have continued to threaten operational continuity, data integrity, and overall business resilience across the manufacturing sector. This review examines the key cyber threats, attack patterns, and emerging trends observed over the past year, highlighting both the challenges and strategies for mitigation.
With global cyber crime projected to cost industries $10.5 trillion (£7.8T) annually by the end of 2025, manufacturing is positioned as a high-risk sector due to its operational dependencies, reliance on legacy systems, and interconnected supply chains. The intensifying sophistication of threat actors, combined with evolving technological risks, underscores the urgency for robust cyber security frameworks, proactive threat intelligence, and workforce education.
A Persistent Target: Manufacturing Under Attack
Manufacturing remains one of the most heavily targeted sectors for cyber criminals. In 2025, manufacturers accounted for 18.6% of all ransomware incidents, reflecting a continued focus on operational technology (OT) and interconnected production systems. The reliance on legacy systems, combined with a critical dependence on uptime, makes this sector a lucrative target for ransomware groups and other threat actors.
The sector’s vulnerability is further exacerbated by the integration of Industrial Internet of Things (IIoT) devices, automated production lines, and cloud-based supply chain management tools. Attackers are increasingly exploiting the combination of outdated OT systems and poorly secured IIoT devices to disrupt operations, steal sensitive data, and extract ransoms.
Notable ransomware gangs, including RansomHub, Clop, Play and BlackLock, have exploited zero-day vulnerabilities, run spear-phishing campaigns and applied double-extortion strategies, demonstrating increasingly sophisticated tactics. Operational disruption, whether through encrypted production systems or threats to leak stolen data, remains the attackers' key lever. In addition, ransomware-as-a-service (RaaS) models have put sophisticated attack tools in the hands of a broader spectrum of cyber criminals, increasing both the frequency and scale of attacks.
Emerging Threats & Attack Vectors:
Ransomware & Data Extortion:
Ransomware attacks continue to dominate the cyber threat landscape. In 2025, double extortion (combining data encryption with theft and public exposure threats) became the standard approach. Approximately 44% of manufacturing systems were affected by ransomware, with 62% of victims reportedly paying ransoms to avoid operational downtime.
The financial and reputational impact of such attacks cannot be overstated. Production halts often result in millions of pounds of lost revenue, supply chain disruptions, and potential contractual penalties. In some cases, intellectual property theft adds long-term strategic risk, particularly for manufacturers dependent on proprietary processes or sensitive design information.
Supply Chain & OT Vulnerabilities:
Supply chain exploitation remains a critical concern. Cyber criminals are increasingly targeting third-party vendors to infiltrate manufacturing networks, while industrial control systems and IoT devices present additional attack surfaces. Compromised software updates, malicious dependencies, and insecure vendor networks have caused cascading operational disruptions in multiple regions.
Many manufacturing firms continue to operate outdated systems, including Windows 10 environments, which reached end of support in October 2025 and no longer receive routine security updates, creating further security gaps. The combination of legacy systems and insufficient patch management leaves manufacturers particularly vulnerable to lateral movement, privilege escalation and ransomware deployment.
Phishing & Social Engineering:
Advanced phishing campaigns, particularly in Russia, have leveraged impersonation tactics and AI-driven personalisation to harvest employee credentials. Attackers pose as HR managers or senior executives, exploiting human trust to bypass technical security measures.
AI-enhanced phishing campaigns have allowed attackers to tailor messages based on employee data, increasing click-through rates and infection success. The trend underscores the need for ongoing staff training, simulated phishing exercises, and the adoption of multifactor authentication (MFA) to mitigate credential theft.
State Backed Espionage:
Espionage groups such as the China-linked Silk Typhoon have intensified attacks on global IT supply chains. By targeting widely used remote management tools, cloud applications, and enterprise IT platforms, these state-backed campaigns aim to gain persistent access to sensitive systems.
Such attacks demonstrate both high technical expertise and strategic intent, often focusing on intellectual property theft, industrial secrets, and critical infrastructure destabilisation. Manufacturers reliant on global supply chains are particularly at risk, as infiltration of a single vendor or partner can compromise entire operational networks.
Dark Web Trends & Malware Evolution:
The dark web continues to serve as a marketplace for stolen data, malware, and attack tools. In 2025, databases accounted for 51% of threat actor posts, while the sale of compromised information represented 58% of activity targeting the UK.
Emerging malware tools, such as the Fleckeri R7 spyware and botnet suite, exemplify increasingly versatile capabilities, including file manipulation, screen and audio capture, and DDoS functionality. This malware can bypass mainstream antivirus and XDR solutions, reflecting the growing sophistication and reach of underground cyber crime networks.
Stealer malware remains a significant concern, with datasets such as “ALIEN TXTBASE” exposing billions of credential records. Such datasets are typically disseminated via Telegram channels or dark web marketplaces, making stolen credentials widely accessible to criminal networks. The top malware families included the RedLine, Raccoon and Vidar stealers, delivered primarily via phishing emails, malicious browser extensions and compromised software downloads.
The proliferation of stealer logs and malware-as-a-service (MaaS) offerings has effectively lowered the barrier to entry for cyber criminals, allowing even relatively inexperienced attackers to conduct highly impactful operations.
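The triage a security team runs over a stealer-log dump of the kind described above, as an added example that is not PureCyber's code: it parses constructed lines in the usual url:login:password layout, keeps only logins under the company's own domain (the hypothetical example-manufacturing.co.uk), and separates credentials for the company's own services (VPN, SSO) from corporate e-mail addresses reused on third-party sites, since that distinction decides whether a forced reset and session revocation is needed. All hostnames, logins and passwords in the sample are constructed.

```python
"""Triage of stealer-log records for exposure of a company's accounts.

Added example (not PureCyber's code). Input lines are constructed to mimic the
common "url:login:password" layout of stealer-log dumps; the company domain
example-manufacturing.co.uk and every host, login and password are hypothetical.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample dump. Splitting on ":" alone would break on "https://", so
# the URL is matched as scheme://host[:port][/path] before the login field.
SAMPLE_DUMP = """\
https://vpn.example-manufacturing.co.uk/remote/login:j.smith@example-manufacturing.co.uk:Summer2025!
https://sso.example-manufacturing.co.uk/adfs/ls:a.jones@example-manufacturing.co.uk:Welcome1
https://shop.unrelated-retailer.com/account:j.smith@example-manufacturing.co.uk:Summer2025!
android://com.vendor.fieldapp/:j.smith@example-manufacturing.co.uk:Summer2025!
https://mail.personal-webmail.net/:someone@gmail.com:hunter2
this line has no separators and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<url>[a-z][a-z0-9+.-]*://[^:/\s]+(?::\d+)?(?:/[^:\s]*)?)"
    r":(?P<login>[^:\s]+):(?P<password>.+)$",
    re.IGNORECASE,
)


def parse_dump(text):
    """Return one record per parseable line; unparseable lines are dropped, not guessed at."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host = (urlsplit(m["url"]).hostname or "").lower()
        records.append({"host": host, "login": m["login"].lower(), "password": m["password"]})
    return records


def _in_domain(name, domain):
    return name == domain or name.endswith("." + domain)


def triage(records, corp_domain):
    """Group exposed corporate logins and decide the response for each.

    Credentials for the company's own services are the immediate-reset cases; a
    corporate e-mail used on third-party sites matters mainly when the same
    password also unlocks a corporate service (password reuse).
    """
    corp_domain = corp_domain.lower()
    by_login = defaultdict(lambda: defaultdict(set))  # login -> password -> hosts seen
    for r in records:
        # Logins that are bare usernames rather than e-mails never match and are ignored.
        if _in_domain(r["login"].rsplit("@", 1)[-1], corp_domain):
            by_login[r["login"]][r["password"]].add(r["host"])

    findings = {}
    for login, pw_hosts in by_login.items():
        corp_hosts = {h for hs in pw_hosts.values() for h in hs if _in_domain(h, corp_domain)}
        other_hosts = {h for hs in pw_hosts.values() for h in hs if not _in_domain(h, corp_domain)}
        reuse = any(
            any(_in_domain(h, corp_domain) for h in hs)
            and any(not _in_domain(h, corp_domain) for h in hs)
            for hs in pw_hosts.values()
        )
        findings[login] = {
            "corporate_services": corp_hosts,
            "third_party_sites": other_hosts,
            "password_reuse": reuse,
            "action": "reset_and_revoke" if corp_hosts else "notify_user",
        }
    return findings


if __name__ == "__main__":
    for login, f in triage(parse_dump(SAMPLE_DUMP), "example-manufacturing.co.uk").items():
        print(login, f["action"], sorted(f["corporate_services"]), "reuse" if f["password_reuse"] else "")
```

In practice the dump is matched against the identity provider's user list rather than a domain suffix, and "reset_and_revoke" should also cover refresh tokens and MFA enrolment changes, since stealer victims often have active sessions that survive a password change.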
Artificial Intelligence: Double Edged Sword
AI has emerged as both a threat and a defensive tool in cyber security.
Cyber criminals leverage AI to automate targeted phishing campaigns, exploit vulnerabilities faster, and generate realistic deepfakes for social engineering. These techniques can convincingly impersonate executives, manipulate employees, and bypass traditional security defences.
Conversely, defenders use AI for behavioural analysis, anomaly detection, and threat simulation. Machine learning enables early detection of suspicious patterns before full-scale attacks occur, reducing false positives and allowing cyber security teams to focus on genuine threats.
However, AI introduces new risks, including prompt injection attacks on Large Language Models (LLMs) and potential misconfigurations in AI-powered tools. The 2025 cyber threat landscape highlights the need for both attackers and defenders to continually evolve alongside these technological advances.
Notable Incidents In 2025:
Clop Ransomware (Feb 2025): Exploited unpatched VPN vulnerabilities to encrypt critical manufacturing data, affecting multiple global firms and leading to ransom demands between $500,000 and $5 million.
BlackLock Ransomware (Mar 2025): Targeted European and North American manufacturers via misconfigured servers, halting operations for 46 firms and causing significant supply chain disruptions.
Supply Chain Exploits: Attacks on third-party software and services caused cascading operational and reputational impacts, emphasising the interconnected nature of modern manufacturing.
These incidents highlight the diversity of attack vectors, ranging from phishing and ransomware deployment to exploitation of unpatched software and misconfigured cloud environments.
Key Vulnerabilities and MITRE ATT&CK Techniques:
Top exploited vulnerabilities included privilege escalation flaws in Linux drivers, authentication bypasses in CrushFTP, and sandbox escapes in Chromium-based browsers. Attackers frequently employed MITRE ATT&CK techniques such as Process Injection (T1055), credential access techniques such as OS Credential Dumping (T1003), and Data Encrypted for Impact (T1486).
The widespread use of unpatched or misconfigured systems, particularly in operational technology, underscores the importance of prioritising vulnerability management and monitoring emerging threats.
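Detection logic for the last of those techniques, Data Encrypted for Impact (T1486), as an added example that is not PureCyber's code or any product's rule: it runs over constructed file-system events and raises one alert when a single process changes the extension of many files within a sliding window, plus one when a ransom-note-like file is created. The event fields, host and process names, thresholds and note markers are assumptions chosen for the example; the benign CAD save and backup rotation are included to show why a count inside a time window, not a single extension change, is the trigger.

```python
"""Detect ransomware-style mass renaming (ATT&CK T1486, Data Encrypted for Impact)
in file-system event logs.

Added example (not PureCyber's code or any product's rule). The events below are
constructed; field names, thresholds, hosts and process images are assumptions,
not taken from any real telemetry source.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

BASE = datetime(2025, 6, 12, 3, 14, 0)   # arbitrary constructed start time


def _ev(sec, host, pid, image, action, path, new_path=None):
    return {"ts": (BASE + timedelta(seconds=sec)).isoformat(), "host": host, "pid": pid,
            "image": image, "action": action, "path": path, "new_path": new_path}


SAMPLE_EVENTS = (
    # Benign: a CAD save that swaps a temp file into place (a single extension change).
    [_ev(0, "eng-ws-07", 1180, "acad.exe", "rename",
         "/share/eng/part-001.dwg.tmp", "/share/eng/part-001.dwg")]
    # Suspicious: one process re-extensioning six drawings within a few seconds.
    + [_ev(5 + i, "eng-ws-07", 4412, "updater.exe", "rename",
           f"/share/eng/assembly-{i:03d}.dwg", f"/share/eng/assembly-{i:03d}.dwg.l0cked")
       for i in range(6)]
    + [_ev(12, "eng-ws-07", 4412, "updater.exe", "create", "/share/eng/HOW_TO_RESTORE_FILES.txt")]
    # Benign: backup rotation also changes extensions, but 20 s apart, so the
    # sliding window never fills.
    + [_ev(300 + 20 * i, "bk-01", 900, "backup-agent", "rename",
           f"/backup/db-{i}.bak", f"/backup/db-{i}.bak.1") for i in range(6)]
)

RENAME_THRESHOLD = 5            # extension-changing renames by one process ...
WINDOW = timedelta(seconds=30)  # ... within this sliding window
NOTE_MARKERS = ("decrypt", "restore", "how_to", "recover")  # assumed ransom-note name fragments


def _extension_changed(old, new):
    """True when the rename gives the file a different, non-empty final extension."""
    old_suffix = PurePosixPath(old).suffix.lower()
    new_suffix = PurePosixPath(new).suffix.lower()
    return new_suffix != "" and new_suffix != old_suffix


def detect(events):
    """Return alerts for mass extension changes and ransom-note drops, in time order."""
    alerts = []
    recent = defaultdict(deque)   # (host, pid) -> timestamps of extension-changing renames
    already = set()
    for e in sorted(events, key=lambda x: x["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        key = (e["host"], e["pid"])
        if e["action"] == "rename" and _extension_changed(e["path"], e["new_path"]):
            q = recent[key]
            q.append(ts)
            while ts - q[0] > WINDOW:      # drop renames older than the window
                q.popleft()
            if len(q) >= RENAME_THRESHOLD and key not in already:
                already.add(key)           # one alert per process, not one per file
                alerts.append({"technique": "T1486", "rule": "mass_extension_change",
                               "host": e["host"], "pid": e["pid"], "image": e["image"],
                               "count": len(q), "example": e["new_path"]})
        elif e["action"] == "create":
            name = PurePosixPath(e["path"]).name.lower()
            if any(marker in name for marker in NOTE_MARKERS):
                alerts.append({"technique": "T1486", "rule": "ransom_note_created",
                               "host": e["host"], "pid": e["pid"], "image": e["image"],
                               "path": e["path"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a)
```

The rename count is deliberately keyed on (host, pid) rather than on the file share, because on an OT file server the encrypting process is usually a single interactive session or service; tune RENAME_THRESHOLD and WINDOW against a baseline of the site's own build, backup and PLM tooling before alerting on it, and treat the note-name markers as a secondary signal only.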
Recommendations for 2026:
Conduct Regular Risk Assessments: Identify vulnerabilities and prioritise mitigations across IT and OT systems.
Invest in Employee Training: Address human error through awareness programmes targeting phishing, social engineering, and credential security.
Upgrade Legacy Systems: Replace outdated infrastructure with modern, patchable platforms.
Implement Network Segmentation: Isolate critical OT systems to reduce the impact of breaches.
Monitor the Supply Chain: Audit third-party vendors to ensure compliance with cyber security standards.
Deploy Advanced Security Solutions: Utilise endpoint protection, intrusion detection, and multi-layered defences.
Develop Incident Response Plans: Prepare comprehensive response strategies to minimise operational and financial impacts during attacks.
Leverage AI for Threat Detection: Use machine learning for anomaly detection, automated threat hunting, and real-time incident response.
2025 has underscored the mounting cyber threats facing the manufacturing sector. Ransomware, supply chain vulnerabilities, AI-powered attacks, and state-backed espionage have made the sector a high-value target. Organisations must adopt a proactive, multi-layered approach to cyber security, combining technical defences, workforce education, and rigorous risk management to safeguard operations and maintain resilience.
As the cyber threat landscape grows increasingly complex, preparedness, adaptability and strategic investment in emerging technologies such as AI will be critical for manufacturers to navigate threats, protect intellectual property and ensure continuity in a world where cyber risks continue to escalate.
Download Our Manufacturing Sector Risk Outlook Report:
Explore our in-depth threat intelligence report specifically for the manufacturing sector - analysing the current threats, trends and future predictions that organisations across the sector need to be aware of.
How PureCyber Can Help
The PureCyber team are here to take over the burden of your cyber security and ensure your organisation’s data remains secure and well managed, with proactive monitoring and real-time threat intelligence - providing you with a comprehensive and reliable cyber department to support you in all aspects of your security efforts, including: 24/7 Security Operations Centre (SOC) services, MXDR (Managed Extended Detection & Response), Threat Exposure Management (TEM) & Brand Protection Services, and Penetration Testing.
PureCyber is recognised as an Assured Service Provider by the NCSC to offer governance and compliance consultancy services/audits. Contact our team of compliance experts to enquire about our full range of Governance Support - including Cyber Essentials, ISO 27001, FISMA, SOC1 and SOC2 standards.
Get in touch or book a demo for more information on our services and how we can safeguard your organisation with our expert cyber security solutions.
Email: info@purecyber.com Call: 0800 368 9397