Ransomware attacks against the manufacturing industry increased from 211 in 2021 to 437 in 2022, according to CyberScoop.
Attacks targeted at manufacturing plants accounted for over 70% of the 605 ransomware incidents against the industrial sector last year, which was a 92% increase over 2021 figures, a report from Dragos revealed.
Manufacturing facilities have been vulnerable to ransomware attacks due to limited system visibility and shared information network and operational technology credentials, said Dragos CEO Robert Lee.
The report also showed the significant risk that the Chernovite and Bentonite operations present to the industry. The former has been dubbed "the most dangerous threat group to date" and is believed to be behind the modular industrial control system toolset Pipedream.
"One of the things that makes Pipedream truly unique, is this is the first time ever that we've had a set of malware that can be disruptive or destructive in industrial control system environments across industry," Lee noted.
Meanwhile, the similarly sophisticated Bentonite operation, which was found to have overlaps with Iranian hacking group Phosphorus and Nemesis Kitten, has been leveraging known security flaws in targeting governments, maritime oil and gas, and manufacturing.
Ransomware attacks against US manufacturing industry spike