🚨 OT Ransomware Explodes:
Fines, leaks, and hacks—key cyber updates
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
Facility managers face an unprecedented threat landscape as ransomware groups pivot aggressively toward operational technology systems. New intelligence from Honeywell's 2025 Cyber Threat Report reveals a staggering 46% increase in OT-targeted attacks during Q1 2025, with the Cl0p ransomware syndicate emerging as the dominant threat actor targeting manufacturing, water treatment, and energy facilities.
2,472 new ransomware victims reported in Q1 2025, adding to 6,130 incidents documented in 2024
Over half of SEC-disclosed cybersecurity incidents (30 of 55 cases) were direct attacks on OT systems
W32.Worm.Ramnit trojan surged 3,000% as attackers weaponize it to harvest OT credentials
USB-based attack vectors account for 25% of successful infrastructure breaches
Agriculture and food production facilities face exponential increases in targeting
🤔 The Bigger Picture:
With new SEC reporting mandates requiring disclosure of material cybersecurity incidents, facility operators can no longer treat OT security as optional. Organizations must immediately implement Zero Trust architecture and AI-enhanced monitoring to detect threats before they disrupt operations.
Artificial intelligence has fundamentally transformed cybercrime from opportunistic attacks into a sophisticated $10.5 trillion industry—equivalent to the world's third-largest economy. The recent ransomware attack on Synnovis, which forced cancellation of 12,000 NHS medical procedures and caused long-term patient harm, demonstrates how AI-enhanced attacks now threaten human safety in addition to business operations.
Voice phishing attacks surged 442% as AI generates perfect accent replications and real-time conversation
Scattered Spider group's attack on Marks & Spencer resulted in £600 million market cap loss
Ben Gurion University researchers developed universal "jailbreaking" techniques for all major AI systems
"Dark LLMs could democratize dangerous knowledge at unprecedented scale" warn security researchers
Agentic AI will achieve "level three autonomy" within two years, enabling fully autonomous attack campaigns
🤔 The Bigger Picture:
Facility managers must prepare for AI adversaries capable of autonomous reconnaissance, social engineering, and system exploitation. Traditional security awareness training becomes insufficient when AI can generate perfect impersonations of executives, vendors, and technical support personnel.
Security operations teams face a dangerous new challenge as AI-powered threat detection tools generate false attack signals that could trigger unnecessary shutdowns of critical infrastructure. AI hallucinations—where large language models produce incorrect, misleading, or biased information—pose significant risks when integrated into cybersecurity tools that make decisions about operational technology environments.
AI models can recommend defensive changes that actually introduce risk instead of fixing problems
False attack signals are particularly dangerous in OT environments, where plant shutdowns are costly and complex
Hallucinations occur when models skip important threat characteristics or misidentify benign activity as malicious
Healthcare and education sectors face elevated risks from AI-generated false positives
Current AI collaboration requires an 80/20 human-machine interaction, with the majority of tasks needing human verification
🤔 The Bigger Picture:
For facility managers, AI hallucinations represent a critical operational risk where false threat detection could trigger emergency shutdowns or manual failovers. Organizations must implement "four-eyes" review processes similar to code development, ensuring human verification before AI-recommended security actions impact operational systems.
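The "four-eyes" gate recommended above, written out as an added example (this is not Neeve's code and not any vendor's product). It assumes a simplified model: an AI detection tool emits a recommendation with an action, a target asset, a rationale and a confidence score; disruptive actions need two distinct human approvers before they may execute; recommendations naming an action outside a closed vocabulary or a target outside the asset inventory (the hallucination cases the bullets describe) are rejected outright; and every decision lands in an audit trail. The action vocabulary, asset inventory and reviewer roster are constructed sample data.

```python
"""Four-eyes gate for AI-recommended actions on operational systems.

Added example, not Neeve's code. Assumes: an AI tool emits a
Recommendation; disruptive actions need two distinct human approvers;
unknown actions or targets are treated as hallucinations and rejected;
all decisions are logged. All names and sets below are constructed.
"""
from dataclasses import dataclass, field

# Closed vocabulary of actions a human could reasonably execute. A
# recommendation naming anything else is treated as a hallucinated action.
ALLOWED_ACTIONS = {"isolate_host", "block_plc_write", "emergency_shutdown",
                   "manual_failover", "raise_ticket"}
# Actions that can halt or degrade plant operations: always four-eyes.
DISRUPTIVE_ACTIONS = {"isolate_host", "block_plc_write",
                      "emergency_shutdown", "manual_failover"}
# Constructed asset inventory; a target not listed here is rejected.
ASSET_INVENTORY = {"hmi-01", "plc-03", "eng-ws-02"}
# Constructed roster of humans allowed to approve; tools are never approvers.
HUMAN_REVIEWERS = {"alice", "bob", "carol"}


@dataclass
class Recommendation:
    action: str
    target: str
    rationale: str
    confidence: float  # model-reported confidence in [0, 1]


@dataclass
class FourEyesGate:
    approvals: dict = field(default_factory=dict)  # rec_id -> {approver}
    audit: list = field(default_factory=list)      # (event, rec_id, detail)

    def required_approvals(self, rec):
        return 2 if rec.action in DISRUPTIVE_ACTIONS else 1

    def approve(self, rec_id, approver):
        """Record a human approval; AI tools and unknown names are ignored."""
        if approver not in HUMAN_REVIEWERS:
            self.audit.append(("approval_ignored", rec_id, approver))
            return False
        self.approvals.setdefault(rec_id, set()).add(approver)
        self.audit.append(("approved", rec_id, approver))
        return True

    def decide(self, rec_id, rec):
        """Return (verdict, reason); verdict is 'reject', 'hold' or 'execute'."""
        if rec.action not in ALLOWED_ACTIONS:
            verdict = ("reject", f"unknown action {rec.action!r}")
        elif rec.target not in ASSET_INVENTORY:
            verdict = ("reject", f"unknown target {rec.target!r}")
        elif not 0.0 <= rec.confidence <= 1.0:
            verdict = ("reject", "confidence out of range")
        else:
            have = len(self.approvals.get(rec_id, set()))
            need = self.required_approvals(rec)
            state = "execute" if have >= need else "hold"
            verdict = (state, f"{have}/{need} distinct human approvals")
        self.audit.append(("decision", rec_id, verdict[0]))
        return verdict


def demo():
    """Walk one disruptive recommendation through the gate step by step."""
    gate = FourEyesGate()
    rec = Recommendation("isolate_host", "hmi-01",
                         "beaconing to unknown external host", 0.93)
    steps = [gate.decide("r1", rec)[0]]      # no approvals yet -> hold
    gate.approve("r1", "ai-detector")        # ignored: the tool is not a human
    gate.approve("r1", "alice")
    steps.append(gate.decide("r1", rec)[0])  # one approver -> hold
    gate.approve("r1", "alice")              # same person again does not count
    steps.append(gate.decide("r1", rec)[0])  # still one distinct approver -> hold
    gate.approve("r1", "bob")
    steps.append(gate.decide("r1", rec)[0])  # second distinct approver -> execute
    return steps


if __name__ == "__main__":
    print(demo())  # ['hold', 'hold', 'hold', 'execute']
```

The point of the closed vocabulary and inventory checks is that a hallucinated recommendation never even reaches the approvers; the point of the roster check is that the AI tool cannot approve its own output, which is what makes the two approvals genuinely four eyes.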
Artificial intelligence has weaponized cybercrime to unprecedented scales, with new Fortinet research revealing 36,000 automated attack scans per second targeting critical infrastructure globally. The dramatic 16.7% year-over-year increase in automated scanning represents a fundamental shift as threat actors leverage AI to "shift left" toward vulnerable digital assets earlier in attack lifecycles, specifically targeting Remote Desktop Protocol, IoT systems, and Session Initiation Protocols.
Automated scanning activity increased 16.7% with 36,000 scans per second recorded globally
Over 1.7 billion stolen credentials now circulating on dark web following 500% increase in compromised system logs
Compromised credentials for sale increased 42% as cybercriminals exploit massive credential databases
United States targeted in 61% of ransomware incidents, followed by UK (6%) and Canada (5%)
RansomHub emerged as most active group claiming 13% of victims, followed by LockBit 3.0 (12%) and Play (8%)
🤔 The Bigger Picture:
AI-powered threat actors are systematically targeting infrastructure protocols that facility managers rely on for remote access and IoT device management. The massive scale of automated reconnaissance means traditional perimeter defenses become ineffective against AI adversaries capable of identifying vulnerabilities faster than human security teams can patch them.
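Large-scale automated scanning of RDP and SIP, as described above, has a recognisable shape in firewall logs: one source touching many distinct hosts on the same remote-access port in a short window, which an operator connecting to a single host never does. The following added example (not Neeve's or Fortinet's code) shows the detection logic over a constructed key=value firewall log. It assumes that log format, the port numbers for RDP (3389) and SIP (5060/5061), and a Telnet port as a stand-in for the IoT protocols the report does not name; the threshold and window are assumptions to tune per site.

```python
"""Detect horizontal scanning of remote-access protocols in firewall logs.

Added example, not Neeve's or Fortinet's code. Assumes a generic key=value
log format (constructed below) and flags any source that touches at least
THRESHOLD distinct destination hosts on one watched protocol within WINDOW
seconds. The Telnet entry stands in for unnamed IoT protocols.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Protocols the report names; the Telnet/IoT entry is an assumption.
WATCHED_PORTS = {3389: "RDP", 5060: "SIP", 5061: "SIP-TLS", 23: "Telnet/IoT"}
THRESHOLD = 5                   # distinct destinations per source per window
WINDOW = timedelta(seconds=60)  # sliding window length

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$")


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
            "action": m["action"]}


def detect_scanners(lines):
    """Return {src: {protocol: max_distinct_dsts}} for sources over THRESHOLD."""
    events = [e for e in map(parse_line, lines)
              if e and e["dport"] in WATCHED_PORTS]
    events.sort(key=lambda e: e["ts"])
    per_src = defaultdict(list)
    for e in events:
        per_src[e["src"]].append(e)

    alerts = {}
    for src, evs in per_src.items():
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span fits within WINDOW
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW:
                start += 1
            by_proto = defaultdict(set)
            for e in evs[start:end + 1]:
                by_proto[WATCHED_PORTS[e["dport"]]].add(e["dst"])
            for proto, dsts in by_proto.items():
                if len(dsts) >= THRESHOLD:
                    seen = alerts.setdefault(src, {})
                    seen[proto] = max(seen.get(proto, 0), len(dsts))
    return alerts


# Constructed sample log: one RDP sweep across eight hosts in eight seconds,
# one administrator reconnecting to a single RDP host, and a small SIP probe
# that stays under the threshold. Addresses are documentation ranges.
SAMPLE_LOG = (
    [f"2025-06-02T10:00:{i:02d}Z src=203.0.113.5 dst=192.0.2.{i + 1} "
     f"dport=3389 action=DENY" for i in range(8)]
    + [f"2025-06-02T10:00:{i:02d}Z src=198.51.100.7 dst=192.0.2.10 "
       f"dport=3389 action=ALLOW" for i in range(5)]
    + [f"2025-06-02T10:01:{i:02d}Z src=203.0.113.9 dst=192.0.2.{20 + i} "
       f"dport=5060 action=DENY" for i in range(3)]
    + ["2025-06-02T10:01:30Z src=198.51.100.7 dst=192.0.2.10 "
       "dport=443 action=ALLOW"]
)

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))  # {'203.0.113.5': {'RDP': 8}}
```

Counting distinct destinations rather than raw connection attempts is what separates the sweep from the administrator who retries one host five times; the sliding window keeps a slow, spread-out probe from accumulating forever, which is also why THRESHOLD and WINDOW should be set against the site's normal remote-access patterns.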
Further Alerts & Insights
💥 State Actors Deploy Infrastructure-Destroying "PathWiper" Malware
New destructive malware targeting Ukrainian critical infrastructure demonstrates evolution from data theft to complete operational destruction. Russia-nexus threat actors exploit legitimate administrative tools to deploy wiper malware that permanently destroys industrial control systems, targeting Master Boot Records and file systems to render facilities completely inoperable.
🛡️ Shadow AI Creates Data Loss Blind Spots in Enterprise Networks
Organizations blocking public AI tools face growing "Shadow AI" risks as employees use personal devices and accounts to access GenAI applications. Zscaler research reveals 36x increase in AI/ML traffic with over 800 different AI applications in use, while data loss prevention systems blocked over 4 million instances of sensitive enterprise data being sent to AI platforms without proper controls.
🌞 Solar Power Infrastructure Exposes 35,000 Critical Vulnerabilities
Comprehensive cybersecurity investigation reveals alarming vulnerabilities in rapidly expanding solar energy infrastructure across 42 vendors worldwide. Europe accounts for 76% of vulnerable systems, with Germany and Greece leading exposure rates. CONTEC SolarView Compact devices experienced 350% increase in internet exposure, with 800 Japanese installations hijacked for cryptocurrency theft operations.
📹 New Eleven11bot Compromises 86,000 IP Cameras for DDoS Operations
Sophisticated botnet operation targets poorly secured IP cameras to construct massive distributed denial-of-service networks capable of terabit-scale traffic generation. StormWall analysts report 96% increase in carpet bombing attacks across Asia-Pacific region as attackers deploy multiple attack vectors simultaneously using compromised IoT devices below detection thresholds.
🎮 Play Ransomware Gang Hits 900 Organizations Using SimpleHelp Exploits
FBI reports tripling of Play ransomware victims from 300 to 900 organizations since 2023, with threat actors exploiting three SimpleHelp RMM vulnerabilities (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726) for initial access. Group recompiles ransomware for each attack to evade detection and targets ESXi environments to encrypt virtual machine infrastructure.