Manufacturing top target of record-breaking cyber extortion

Posted on 1 Dec 2023 by James Devonshire

The manufacturing industry was the top target of nefarious actors attempting to carry out cyber extortion in 2023, new research has revealed.

According to Orange Cyberdefense’s Security Navigator 2024 report, manufacturing organisations represented 20% of all cyber extortion attacks in 2023 – a 42% increase over 2022 and 17% more than the second most targetted industry: professional, scientific and technical services. In fact, it has been a record-breaking year for cyber extortion – which includes ransomware– with an unprecedented 46% increase in this type of attack.


Source: Orange Cyberdefense


In total, Orange Cyberdefense recorded 129,395 detected cyber incidents this year – up from 99,506 in 2022, a 30% rise. Of these, 25,076 (19%) were deemed to be True Positive Incidents i.e. genuine threats. Companies in the manufacturing sector were targets in 32.43% of the total of confirmed incidents, followed by the retail industry (21.73%) and professional, scientific and technological services (9.84%).

As the report authors note: “In the case of Manufacturing, we currently still believe that vulnerability is the primary factor that determines which businesses get compromised and extorted. As our analysis of Industry patterns elsewhere in this report suggests, business[sic] in the Manufacturing sector may have less mature security postures and therefore find themselves more vulnerable to opportunistic attacks.”

AI: ally turned enemy

As part of its report, Orange Cyberdefense also outlined some of its predictions for 2024. One of the main warnings was about how artificial intelligence (AI) cyber attacks are evolving and will pose an even bigger threat in the not so distant future.

An example cited by Orange Cyberdefense was how attackers are using AI to perform increasingly more sophisticated phishing attacks. By leveraging AI, hackers can write content in the victim’s language, without syntax or grammatical errors. Moreover, AI can be used to perform ‘vishing’ attacks (phishing campaigns conducted via telephone or voice message), threats that are even more complex to deal with and mitigate.

For an industry like manufacturing, one that will do virtually anything to avoid downtime and has lengthy, often complex supply chains which create more vulnerabilities than most other sectors, a security-first mindset is no longer optional.

Read more of our Digital Transformation articles here