New Research: If It’s Online and Vulnerable, It’s a Target—Fast

Cyber threats aren’t lurking in the shadows, waiting for the perfect moment to strike – they’re already scanning, probing, and hitting anything they can find right now. If a system is exposed and unpatched, attackers will find it within hours.
Ontinue’s 2H 2024 Threat Intelligence Report digs into how attackers are evolving their tactics, the biggest threats organizations face, and why the Manufacturing sector continues to be the top target for ransomware. From AI-powered vishing scams and malicious browser extensions to the abuse of built-in Microsoft tools, cybercriminals are getting more creative – and more aggressive.
So, what can security teams do? The report underscores the importance of rapid patching, stronger phishing defenses, and proactive threat detection to stay ahead. Here’s a closer look at what our Advanced Threat Operations (ATO) team uncovered.
Read the full 2H 2024 Threat Intelligence Report.
Ransomware Attacks Surge as Manufacturing Becomes the Top Target
Ransomware groups aren’t slowing down. In fact, they’re evolving. According to Ontinue’s 2H 2024 Threat Intelligence Report, ransomware attacks surged 132%, even as ransom payments dropped by 35%. This signals a shift: cybercriminals are no longer just after payouts. They’re wreaking havoc with double extortion, data destruction, and operational disruption tactics, forcing organizations to rethink their defense strategies.
Manufacturing: The New Bullseye
One of the most alarming trends in the report? Manufacturing has become the prime target for ransomware attacks. Why? Because downtime in this sector means lost production, missed deadlines, and massive financial impact. Threat actors know that manufacturers often can’t afford prolonged disruptions, making them more likely to pay – or at least suffer significant operational consequences.
The Rise of AiTM Attacks, Phishing, and Vishing
While ransomware dominated headlines, adversary-in-the-middle (AiTM) phishing attacks also emerged as a dominant threat. Attackers are increasingly using sophisticated phishing tactics, often leveraging trusted services like SharePoint and Google Drive to steal credentials. Vishing (voice phishing) has also taken on a new dimension with AI-powered deepfake technology. Cybercriminals are now cloning voices to impersonate executives and trick employees into handing over sensitive information or authorizing fraudulent transactions. In the first quarter of 2025 alone, the ATO team detected a staggering 1633% increase in vishing-related incidents.
Malware Delivery Is Getting Smarter
Threat actors continue to find new ways to infiltrate systems, with browser extensions and malvertising emerging as key delivery mechanisms. Malicious browser extensions, particularly on Chrome, can survive a system reimage: the extension lives in the browser profile, so users often unknowingly reintroduce the threat by reimporting their infected profiles onto the rebuilt machine. Meanwhile, malvertising campaigns are coercing users into running malicious PowerShell commands, often disguising them as troubleshooting steps.
Abusing Built-in Microsoft Tools
Attackers are also increasingly abusing Microsoft’s built-in tools to gain persistence and evade detection. Microsoft Quick Assist and Windows Hello have been leveraged by cybercriminals to maintain access to compromised systems while staying under the radar. Additionally, stolen authentication keys remain a serious concern, allowing attackers to bypass traditional security measures with alarming ease.
The Bottom Line: A More Aggressive Threat Landscape
The cyber threat landscape isn’t just evolving – it’s becoming more aggressive. Attackers are leveraging AI, trusted platforms, and even legitimate software tools to breach defenses and exploit vulnerabilities. Organizations must remain proactive, implementing advanced threat detection, continuous monitoring, and robust security awareness training.
As ransomware groups refine their tactics and new attack vectors emerge, the question isn’t just how to prevent attacks – it’s how to stay ahead of them. Cyber resilience is no longer optional; it’s essential.
Ontinue’s ATO team will continue tracking these trends and providing actionable intelligence to help organizations navigate the ever-changing threat landscape.
Stay informed. Stay prepared. Stay cyber smart.