Cybersecurity companies have specialized in reports over the past few years. Some are merely surveys. Journalists and marketing people love surveys. I had a graduate level class on those things including statistical analysis. I’m not so sanguine. On the other hand, some reports are based on these companies looking into their scrubbed data looking for trends. To develop this report, Honeywell researchers analyzed more than 250 billion logs, 79 million files and 4,600 incident events that were blocked across the company’s global install base.
This one holds forth some interest.
In a growing wave of sophisticated cyber threats against the industrial sector, ransomware attacks jumped by 46% from Q4 2024 to Q1 2025, according to Honeywell’s 2025 Cybersecurity Threat Report. The research also found that both malware and ransomware increased significantly in this period and included a 3,000% spike in the use of one trojan designed to steal credentials from industrial operators.
We should not be surprised given all the international turmoil and state actors at this time. When the Russia/Ukraine conflict is settled, we’ll likely see more criminal activity.
Here’s the obligatory quote in every press release.
“Industrial operations across critical sectors like energy and manufacturing must avoid unplanned downtime as much as possible – which is precisely why they are such attractive ransomware targets,” said Paul Smith, director of Honeywell Operational Technology (OT) Cybersecurity Engineering, who authored the report. “These attackers are evolving fast, leveraging ransomware-as-a-service kits to compromise the industrial operations that keep our economy moving.”
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States defines incidents as substantial if they enable unauthorized access leading to significant operational downtime or impairments. Industry reports show that unplanned downtime, caused by cybersecurity attacks and other issues like equipment failure, cost Fortune 500 companies approximately $1.5 trillion annually representing 11% of their revenue.
Survey finding:
- Ransomware still on the rise: 2,472 potential ransomware attacks were documented in the first quarter of 2025, which represent 40% of the annual total from 2024.
- Trojans exploiting industrial access: A dangerous trojan targeting OT systems – W32.Worm.Ramnit – accounted for 37% of files blocked by Honeywell’s Secure Media Exchange (SMX). This finding points to a 3,000% spike in the trojan compared to the previous quarter.
- USB based threats persist: 1,826 unique USB threats were detected via SMX in Q1 2025, with 124 never-before-seen threats – indicating a persistent risk via external media and USB devices. This built on a 33% increase in USB malware detections in 2023, following a 700% year-over-year surge in 2022.
The report expanded its analysis to include threats delivered through additional plug-in hardware – known as Human Interface Device (HID) – including mice, charging cords for mobile devices, laptops and other peripherals often used when updating or patching software for on-premise systems.
