(dragos.com) Manufacturing Under Siege: How IT/OT Convergence and Architectural Gaps Fuel Ransomware and OT Threats
Manufacturing is the most targeted industrial sector for cyber attacks, with ransomware incidents nearly doubling in 2025—accounting for over two-thirds of all industrial victims. IT/OT convergence and architectural gaps enable rapid threat propagation and operational disruption.
In brief - Manufacturing faces unprecedented ransomware targeting due to IT/OT integration, weak segmentation, and insufficient OT visibility. Shared domains and misclassified incidents delay response, while threat actors like AZURITE exfiltrate operational data for future OT attacks. Critical gaps in monitoring and defensible architecture heighten risk.
Technically - Adversaries exploit weak IT/OT segmentation, using stolen credentials and compromised remote access (e.g., RDP, PowerShell) to reach VMware ESXi hypervisors hosting SCADA/HMI workloads. Encryption of virtualization layers causes Loss of View/Control without direct ICS protocol interaction. AZURITE targets engineering workstations to exfiltrate alarm data, configs, and credentials. 56% of penetration tests showed undetected lateral movement due to IT-centric monitoring lacking ICS protocol context. OT-specific IR plans, ICS-aware visibility, and secure remote access controls are critical to mitigate risks.
Source: https://www.dragos.com/blog/manufacturing-cybersecurity-ot-threats
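A segmentation check for the IT-to-OT path described above, as an added example that is not from the Dragos post: it flags remote-access and hypervisor-management connections that enter the OT zone from anywhere other than a sanctioned jump host. The subnets, host addresses, port watchlist and flow records are constructed assumptions.

```python
import ipaddress

# Assumed (constructed) zone layout; replace with your own address plan.
OT_NET = ipaddress.ip_network("10.50.0.0/16")
JUMP_HOSTS = {ipaddress.ip_address("10.40.0.5")}   # sanctioned remote-access broker
ESXI_HOSTS = {ipaddress.ip_address("10.50.1.10")}  # hypervisor hosting SCADA/HMI VMs

# Remote-access and hypervisor-management services worth watching at the boundary.
WATCHED_PORTS = {
    22: "SSH",
    443: "ESXi HTTPS management",
    902: "ESXi management",
    3389: "RDP",
    5985: "WinRM (PowerShell remoting)",
    5986: "WinRM over TLS",
}

# Constructed flow records: (timestamp, source, destination, destination port).
SAMPLE_FLOWS = [
    ("2025-01-01T02:14:00Z", "10.10.3.21", "10.50.1.10", 443),   # IT host -> ESXi
    ("2025-01-01T02:15:00Z", "10.40.0.5", "10.50.2.20", 3389),   # jump host -> HMI
    ("2025-01-01T02:16:00Z", "10.10.3.21", "10.50.2.20", 3389),  # IT host -> HMI
    ("2025-01-01T02:17:00Z", "10.50.2.20", "10.50.1.10", 902),   # inside OT
    ("2025-01-01T02:18:00Z", "10.10.7.8", "10.10.9.9", 3389),    # inside IT
]

def audit_flows(flows):
    """Return boundary-crossing flows that bypass the sanctioned jump host."""
    findings = []
    for ts, src, dst, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if d not in OT_NET or port not in WATCHED_PORTS:
            continue  # not a watched service landing in the OT zone
        if s in OT_NET or s in JUMP_HOSTS:
            continue  # intra-OT traffic or the approved access path
        findings.append({
            "time": ts, "src": src, "dst": dst,
            "service": WATCHED_PORTS[port],
            # Hypervisor access matters most: encrypting it takes down every hosted HMI.
            "severity": "high" if d in ESXI_HOSTS else "medium",
        })
    return findings

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f)
```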