Talos Highlights 2025 Ransomware Surge Targeting Manufacturing and Rise of Living‑Off‑The‑Land Tactics
What Happened — Cisco Talos released its 2025 ransomware outlook, noting a sustained wave of ransomware attacks against manufacturing firms and a sharp increase in “living‑off‑the‑land” (LoL) techniques that abuse legitimate admin tools. The report also flags a growing pool of “zombie” vulnerabilities—unpatched flaws that enable silent credential theft and lateral movement.
Why It Matters for TPRM —
- Ransomware remains a top supply‑chain risk, especially for vendors that manage production lines or OT environments.
- LoL tactics bypass many traditional AV controls, demanding stricter credential hygiene and privileged‑access monitoring across third‑party relationships.
- Zombie vulnerabilities highlight the need for continuous patch management and verification of vendor remediation timelines.
Who Is Affected — Manufacturing, Industrial Automation, Managed Service Providers (MSPs) supporting OT, and any downstream customers relying on those services.
Recommended Actions — Review ransomware resilience of critical manufacturing vendors, enforce multi‑factor authentication and least‑privilege for admin accounts, and require proof of timely patching for known “zombie” CVEs.
Technical Notes — Attack vector trends include credential theft via phishing, abuse of native Windows tools (PowerShell, WMI), and exploitation of unpatched CVEs in legacy PLC firmware. No specific CVE is disclosed in the Talos summary. Source: Cisco Talos – 2025 Ransomware Trends
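The LoL patterns named above (PowerShell and WMI abuse, phishing-delivered payloads) are the kind of activity a privileged-access monitoring rule should surface. The following is an added illustration, not code from the Talos report: it triages constructed process-creation events (field names loosely modelled on Sysmon Event ID 1 / Windows 4688, an assumption) and flags evasive PowerShell switches, remote process creation via wmic, and scripting hosts spawned by Office documents.

```python
import re

# Constructed sample events; hosts, users and command lines are made up for illustration.
SAMPLE_EVENTS = [
    {"host": "eng-ws-01", "user": "CORP\\jdoe", "parent": "WINWORD.EXE",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc <constructed-base64>"},
    {"host": "hmi-02", "user": "CORP\\svc_backup", "parent": "cmd.exe",
     "image": "wmic.exe",
     "cmdline": 'wmic /node:hmi-03 process call create "cmd /c whoami"'},
    {"host": "eng-ws-07", "user": "CORP\\admin1", "parent": "explorer.exe",
     "image": "powershell.exe",
     "cmdline": "powershell.exe Get-Service -Name Spooler"},
]

# Switches commonly used to hide or encode PowerShell activity.
PS_EVASIVE = re.compile(
    r"-(?:e|en|enc|encodedcommand)\b|-nop\b|-w(?:indowstyle)?\s+hidden|bypass", re.I)
# wmic launching a process on another host: a classic WMI lateral-movement shape.
WMIC_REMOTE_EXEC = re.compile(r"/node:\S+.*process\s+call\s+create", re.I)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}


def score_event(ev):
    """Return the list of reasons an event looks like living-off-the-land abuse."""
    reasons = []
    image, parent, cmd = ev["image"].lower(), ev["parent"].lower(), ev["cmdline"]
    if image in ("powershell.exe", "pwsh.exe") and PS_EVASIVE.search(cmd):
        reasons.append("powershell with encoded/hidden/bypass switches")
    if image == "wmic.exe" and WMIC_REMOTE_EXEC.search(cmd):
        reasons.append("wmic remote process creation")
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append("scripting host spawned by an Office document (phishing pattern)")
    return reasons


def triage(events):
    """Keep only events with at least one finding, as (host, user, reasons) tuples."""
    return [(ev["host"], ev["user"], r) for ev in events if (r := score_event(ev))]


if __name__ == "__main__":
    for host, user, reasons in triage(SAMPLE_EVENTS):
        print(f"{host} {user}: {'; '.join(reasons)}")
```

Benign administrative PowerShell (the third event) produces no finding, which is the property a rule like this needs before it is pointed at a vendor's OT estate.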