For the fourth consecutive year, manufacturing remains the most attacked sector, accounting for 26% of all incidents, according to IBM’s 2025 Threat Intelligence Index. Long-lived legacy systems and high-value intellectual property make the industry a prime target: 29% of attacks on manufacturers led to extortion and 24% to data theft. Close behind is finance and insurance (23%), where attackers focus on credential harvesting and espionage, while professional services (18%) suffered a high rate of data leaks.
Attack Vectors: Credentials Over Malware
Cybercriminals are increasingly “logging in rather than breaking in.” The report notes that 30% of breaches involved valid account credentials, typically stolen through phishing or infostealers such as Lumma, with more than 3.8 million stolen credentials advertised on dark web forums. Phishing remains a key entry method, though its share of initial-access cases has dropped to 25% as defenses improve. Meanwhile, AI is supercharging attacks: threat actors now use generative AI to craft convincing phishing emails and even to write malicious code. The practical consequence for defenders is that a login with a stolen but valid credential looks like any other login and trips no signature-based control; catching it depends on phishing-resistant MFA and on behavioral baselines for each account (usual source addresses, geography, device and time of day).
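Two of those behavioral checks, written as an added example for this page rather than code from IBM or the report. The log layout (timestamp, user, source IP, country, result) and all log lines are constructed; the thresholds are illustrative. The first rule catches a source that fails against many accounts and then succeeds (password spraying or credential stuffing); the second flags a successful login from a country the account has never used before, which is how a valid credential in new hands usually shows up.

```python
"""Detections for stolen-credential use ("logging in, not breaking in"),
run over constructed auth-log lines. Assumed line layout:
<ISO timestamp> <user> <src_ip> <country> <success|failure>

1. spray_then_success: one source IP fails against many distinct accounts and
   then logs in successfully (password spraying / credential stuffing).
2. new_geography: a successful login for an account from a country the
   account has never logged in from before (a valid credential in new hands).
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample log for this example (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2025-03-01T08:00:12Z alice 203.0.113.7 US success
2025-03-01T08:05:40Z bob 203.0.113.9 US success
2025-03-01T08:30:00Z dave 203.0.113.12 US success
2025-03-01T09:00:01Z alice 198.51.100.4 US failure
2025-03-01T09:00:02Z bob 198.51.100.4 US failure
2025-03-01T09:00:03Z carol 198.51.100.4 US failure
2025-03-01T09:00:04Z dave 198.51.100.4 US failure
2025-03-01T09:00:05Z erin 198.51.100.4 US failure
2025-03-01T09:00:06Z frank 198.51.100.4 US failure
2025-03-01T09:01:10Z dave 198.51.100.4 US success
2025-03-01T11:30:00Z bob 192.0.2.55 RO success
2025-03-01T12:00:00Z alice 203.0.113.7 US success
"""

Event = namedtuple("Event", "ts user src country ok")
Alert = namedtuple("Alert", "rule user src detail")


def parse_auth_log(text):
    """Parse the assumed line layout into time-ordered Event tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, country, result = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            user, src, country, result == "success"))
    return sorted(events, key=lambda e: e.ts)


def spray_then_success(events, min_users=5, window=timedelta(minutes=10)):
    """Alert when a source IP that failed against >= min_users distinct
    accounts inside `window` then succeeds against any account."""
    failures = defaultdict(list)   # src -> [(ts, user), ...]
    alerts = []
    for ev in events:
        if not ev.ok:
            failures[ev.src].append((ev.ts, ev.user))
            continue
        recent = {u for t, u in failures[ev.src] if ev.ts - t <= window}
        if len(recent) >= min_users:
            alerts.append(Alert("spray_then_success", ev.user, ev.src,
                                f"{len(recent)} accounts failed from this IP before success"))
    return alerts


def new_geography(events):
    """Alert on a success from a country the account has never used before.
    The first success for an account seeds its baseline and is not alerted."""
    baseline = defaultdict(set)   # user -> countries seen on successful logins
    alerts = []
    for ev in events:
        if not ev.ok:
            continue
        if baseline[ev.user] and ev.country not in baseline[ev.user]:
            alerts.append(Alert("new_geography", ev.user, ev.src,
                                f"first login from {ev.country}; baseline {sorted(baseline[ev.user])}"))
        baseline[ev.user].add(ev.country)
    return alerts


def run_detections(text=SAMPLE_LOG):
    """Run both rules over one log and return the combined alert list."""
    events = parse_auth_log(text)
    return spray_then_success(events) + new_geography(events)


if __name__ == "__main__":
    for a in run_detections():
        print(f"[{a.rule}] user={a.user} src={a.src} {a.detail}")
```

On the sample data the spray rule fires on dave's success from 198.51.100.4 (six accounts failed from that address in the preceding minute) and the geography rule fires on bob's login from RO. In production the baseline would be persisted and seeded from weeks of history rather than from the same batch of events, and the geography check would normally be combined with ASN and device signals so that a legitimate traveller does not page the on-call engineer.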
Ransomware Decline, But Not Gone
While ransomware accounted for 28% of malware cases, its prevalence has declined for the third straight year, partly due to law-enforcement takedowns such as Operation Endgame, which dismantled infrastructure behind the IcedID and TrickBot loaders that ransomware crews relied on for initial footholds. IBM warns, however, that ransomware groups are adapting: cross-platform payloads that target both Windows and Linux, and multi-extortion tactics that combine encryption with data theft and the threat to leak it, keep them dangerous.
Critical Infrastructure Under Fire
A staggering 70% of attacks targeted critical infrastructure, including energy, healthcare, and transportation, and in 31% of cases the attackers got in by exploiting a public-facing application. Once inside, they scan the internal network for further vulnerable systems to pivot to, often remaining undetected for months. The Asia-Pacific (APAC) region, a hub for manufacturing and supply chains, bore the brunt (34% of global attacks), while North America saw a surge in credential harvesting (40%).
Dark Web’s Role in Cybercrime
The dark web fuels cybercrime-as-a-service (CaaS), where exploits are bought and sold. The most discussed vulnerabilities were Fortinet’s CVE-2024-21762 (27%), an out-of-bounds write in the FortiOS SSL VPN, and Palo Alto Networks’ CVE-2024-3400 (14%), a command injection in PAN-OS GlobalProtect; working exploits for both were available within two weeks of disclosure. Both are perimeter appliances that sit outside endpoint detection coverage, so a successful exploit is unlikely to be caught by EDR. IBM notes that 60% of the top CVEs had weaponized code circulating quickly, leaving businesses little time to patch; for internet-facing edge devices, the safe assumption is that the window is days rather than weeks, and that a vendor advisory should trigger an emergency change instead of waiting for the next patch cycle.
As IBM’s Mark Hughes warns, “Businesses need to shift from ad-hoc prevention to proactive measures—modernizing authentication, plugging MFA gaps, and hunting hidden threats.” With attackers growing more sophisticated, resilience now hinges on speed, collaboration, and AI-powered defenses.