Nozomi Networks

70% of global ransomware activity targets English-speaking countries.

In the second half of 2025, 40% of all ransomware attacks targeted US-based companies.

In the second half of 2025, ransomware attacks against Canada and the UK accounted for a combined 30% of attacks.

Scattered Spider accounted for 42.9% of all actor-related alerts in the second half of 2025.

Only 2% of organizations in industrial and critical infrastructure environments use enterprise-grade authentication such as 802.1X.

68% of observed wireless networks in industrial and critical infrastructure environments operate without Management Frame Protection (MFP) despite using modern encryption.

Approximately 98% of observed wireless networks rely exclusively on Pre-Shared Key (PSK)–based authentication.

Manufacturing was at the highest risk of attacks in the 2nd half of 2024.

Nearly half (48.4%) of observed cyber threat alerts occurred in the Impact phase of the cyber kill chain in the 2nd half of last year.

Among 619 newly published vulnerabilities in the 2nd half of 2024, 71% were classified as critical.

25% of all observed alerts involved Command and Control (C&C) techniques in the 2nd half of last year.

20 vulnerabilities had high Exploit Prediction Scoring System (EPSS) scores, indicating a high likelihood of future exploitation.

Only 6% of over 500,000 wireless networks worldwide are adequately protected against wireless deauthentication attacks.

Manufacturing was followed by Energy, Communications, Transportation and Commercial Facilities in terms of ICS security advisories released by CISA.

In the 2nd half of 2024, critical infrastructure organisations in the United States saw the highest number of attacks.

Critical manufacturing accounted for 75% of all Common Vulnerabilities and Exposures (CVEs) reported by CISA in the past six months.