
Ransomware Slowdown Masks Rise in Nation-State Attacks on Infrastructure

Severity: High (Score: 60.0)

Sources: Industrialcyber.Co, Darkreading

Summary

The Waterfall Threat Report 2026 reveals a 25% decrease in cyber breaches with physical consequences, dropping to 57 incidents in 2025 from 76 in 2024. This decline is attributed to a temporary slowdown in ransomware activity, which has historically been the primary threat to operational technology (OT) systems. Despite the overall decrease, nation-state and hacktivist attacks doubled in 2025, with many linked to the ongoing conflict related to the Russian invasion of Ukraine. Significant incidents included a major production shutdown at Jaguar Land Rover and disruptions at Collins Aerospace. The report indicates that the majority of attacks in the 'Unknown' category are likely ransomware-related, as there were no claims made by hacktivists or details contradicting this theory. The report emphasizes the need for improved cybersecurity measures, particularly for vulnerable OT systems, as attackers exploit basic security oversights. The trend raises concerns about the potential for more sophisticated attacks in the future.

Key Points:

  • Cyber breaches with physical consequences fell by 25% in 2025, totaling 57 incidents.
  • Nation-state and hacktivist attacks doubled, largely linked to the Russia-Ukraine conflict.
  • Ransomware remains a significant threat, with many attacks categorized as 'Unknown' likely being ransomware-related.

Key Entities

  • Data Breach (attack_type)
  • Malware (attack_type)
  • Ransomware (attack_type)
  • Collins Aerospace (company)
  • Jaguar Land Rover (company)
  • Marquis (ransomware_group)
  • Canada (country)
  • Germany (country)
  • Iran (country)
  • Italy (country)
  • Russia (country)
  • Manufacturing (industry)
  • T1078 - Valid Accounts (mitre_attack)
  • T1133 - External Remote Services (mitre_attack)
  • Shodan (tool)