The increasing sophistication of cyber threats is a pressing concern across various sectors, as highlighted in the latest reports from the IT Information Sharing and Analysis Center (IT-ISAC) and the Food and Agriculture Information Sharing and Analysis Center (Food and Ag-ISAC). These reports outline a disconcerting reality where organizations, from cloud computing giants to essential food supply chains, grapple with relentless adversaries ranging from state-sponsored actors to sophisticated cybercriminals.
### Understanding the Threat Landscape: The PASS Framework
To navigate this complex threat terrain, both ISACs employ the Predictive Adversary Scoring System (PASS). This innovative tool, created with insights from numerous ISAC members and partners, effectively translates raw intelligence into actionable insights. It assesses threat actors based on their recent activity, frequency of attacks on specific sectors, technical sophistication, and underlying motivations. Each potential threat is then scored on a scale from 0 to 100, enabling organizations to focus their defenses on the entities most likely to represent credible threats to their operations.
### 2025: A Year of Diverse Threats
The 2025 data reveals that cyber adversaries are highly active, particularly in the IT and food and agriculture sectors, with 77 and 72 identified active threat actors respectively. While there is some overlap among the actors targeting these sectors, their motivations and the frequency of their attacks vary. High-capability nation-state actors occupy the forefront of the threat landscape, with the Lazarus Group dominating both sectors, scoring 89.0 in IT and 84.0 in food and agriculture. This group has established a consistent presence, primarily for facilitating state-sponsored theft and cryptocurrency-related crimes.
In the IT sector, adversaries like Sandworm, with a score of 84.0, focus on geopolitical disruptions. Conversely, the food and agriculture sector faces increasing threats from ransomware groups like Qilin and Akira. The emergence of hacktivist groups, such as Dark Engine with a score of 76.0, further signifies that ideological conflicts are spilling over into critical areas like the global food supply.
### The Geopolitical Context of Cyber Threats
A closer look at the origins of these cyber threats paints a picture of ongoing global rivalries. Noteworthy is the significant involvement of Russian-based threat actors, who account for approximately 48.4% of IT-related threats and a staggering 59.3% related to food and agriculture. This volatile mix underscores the dual role of state-sponsored espionage and opportunistic criminal enterprises targeting vital sectors for extortion.
China also features prominently, with its actors representing 29% of threats in IT and about 25.4% in food and agriculture. Their tactics have evolved, focusing more on embedding themselves within critical infrastructure to establish long-term access rather than immediate data theft.
Similarly, although Iran and North Korea have a smaller presence in terms of threat actors, their capabilities remain formidable. Iranian actors persistently advance their regime's interests, while North Korean hackers are notorious for using fraudulent identities to get past security controls, thereby providing financial support to their government.
### Tactics: The Shift to LOTL
One of the notable findings from the reports is the widespread adoption of “living-off-the-land” (LOTL) tactics among adversaries. A striking fact is that 100% of identified adversaries across both sectors have utilized legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute their attacks. Furthermore, over 96% have adapted existing malware to bypass conventional antivirus solutions.
This stealthy approach enables attackers to blend in with legitimate administrative activity and network traffic, allowing them to establish prolonged access within target systems. The preference for persistence over immediate disruption indicates a clear strategy in which adversaries first compromise third-party vendors and only then make ransom demands—an approach evident in around 80% of attacks across both sectors.
### Cultivating a Collective Defense
In response to a landscape dominated by skilled and tactical adversaries, organizations must strategically allocate their security resources. One foundational recommendation remains the implementation of multi-factor authentication (MFA), which can substantially hinder attackers seeking to exploit stolen credentials.
Moreover, as attacks often proliferate from corporate networks into operational technology (OT) environments, segmenting these systems can significantly mitigate risks. While there are solid business reasons for integrating IT and OT systems, maintaining a clear separation can prevent security breaches in corporate networks from jeopardizing critical industrial control systems.
In addition to traditional file-based detection methods, there is a pressing need for enhanced monitoring of anomalous activities within systems. Companies must maintain rigorous backup protocols and develop, refine, and rehearse incident response plans. The manner in which an organization responds to a cyber breach can be pivotal, determining whether it recovers or succumbs to the incident.
### Building Resilience Through Collaboration
The evolving cyber threat landscape suggests that no organization can effectively tackle these challenges in isolation. Participation in shared intelligence networks allows companies to transform individual insights into collective strength, fostering an environment of informed decision-making. This collaborative approach not only supplements internal security teams but also enhances the resilience of entire sectors against evolving threats.
Ultimately, as the digital landscape grows increasingly intricate and interconnected, fostering voluntary engagement with industry peers may prove essential in building a more robust defense against current and future cyber threats. Organizations must acknowledge that the complexity of today’s threat environment necessitates a united front to ensure the integrity and security of our critical infrastructures.