Cybersecurity roundup: Dragos on Q3 ransomware, Kiteworks on 'legacy' web form exposure
What you'll learn:
- Dragos' Q3 ransomware report showed a global rise in ransomware incidents, 72% of which targeted manufacturing.
- A new Kiteworks release found 85% of manufacturers had been hit by web-form security breaches.
A couple of new reports—Dragos’ rundown on ransomware in the third quarter of 2025 and a Kiteworks release that warns manufacturers of significant exposure via “legacy” web forms—raised some eyebrows this week in industrial cybersecurity circles.
Manufacturing has led all industrial sectors in ransomware for a couple of years at least, and it was no different in Q3 2025, which ended Sept. 30, as the sector accounted for 72% of incidents, according to the Dragos Industrial Ransomware Analysis for Q3, released Dec. 9.
North America was the most targeted region in Q3, with 434 incidents, followed by Europe with 162 (a slight decrease from earlier quarters) and Asia at 73, according to the Dragos report, which noted that tactics from cybercrime supergroups such as Scattered Lapsus$ Hunters were getting more advanced.
Those tactics include multifactor authentication abuse, cloud identity takeover, and virtualization compromise, Dragos noted.
Researchers tracked more than 20 emerging groups, including Gentlemen and Sinobi, many of which are enabled by leaked builders and AI tools, Dragos also noted. Attackers, the OT cybersecurity specialist said, no longer need to breach ICS networks to impact OT.
Major companies, including Jaguar Land Rover and Asahi Group, experienced (no doubt expensive) multiweek production delays after attackers compromised ERP, virtualization, and logistics systems, Dragos noted in its Q3 report.
Web forms emerging as point of entry for cyberattacks
Meanwhile, Kiteworks’ new 2025 Data Security and Compliance Risk: Data Forms Survey Report exposes “a rapidly expanding blind spot across the manufacturing sector”—“legacy” web forms embedded in supplier portals, warranty systems, RMA processes, and customer intake workflows.
These often overlooked interfaces have become a primary attack vector for adversaries attempting to infiltrate manufacturing organizations—and the regulated industries they serve, Kiteworks noted in the release that accompanies the Data Forms Survey Report. The San Mateo, California-based company is the vendor of a cybersecurity platform.
The report found that 85% of manufacturers had been victims of web-form security incidents. It also noted that while manufacturers continue to invest in OT data security, production systems, and IP protection, attackers are increasingly exploiting web forms that move sensitive data between manufacturers, suppliers, OEMs, and customers.
According to the Kiteworks report, 88% of organizations experienced at least one web-form security incident in the past 24 months, and 44% suffered a confirmed data breach traced to form submissions.
“Manufacturers sit at the center of global supply chains—and attackers know it,” said Tim Freestone, CMO at Kiteworks. “When a supplier portal, warranty registration form, or RMA interface is compromised, the blast radius extends far beyond the manufacturer. It can expose automotive design files, aerospace specifications, health care procurement data, and partner credentials.”
According to Freestone’s Kiteworks, manufacturers routinely collect highly sensitive information through web forms: 61% collect authentication credentials this way; 58% gather financial records via this method; 36% collect payment card data; and 29% collect government ID numbers.
Manufacturers also route IP, engineering drawings, supplier pricing, and production data through older portals that often lack modern encryption, logging, and validation. These environments have become prime targets for bot attacks (61%), SQL injection (47%), cross-site scripting (39%), session hijacking (28%), and man-in-the-middle attacks (21%), Kiteworks said.
“Manufacturers cannot rely on legacy forms and hope audits won’t uncover gaps,” said Patrick Spencer, senior VP of Americas marketing and industry research at Kiteworks. “OEMs increasingly require verifiable controls for every data entry point. If a supplier cannot guarantee data residency, encryption standards, and continuous compliance, they risk losing business.”
About the Author
Scott Achelpohl
Head of Content
I've come to Smart Industry after stints in business-to-business journalism covering U.S. trucking and transportation for FleetOwner, a sister website and magazine of SI’s at Endeavor Business Media, and branches of the U.S. military for Navy League of the United States. I'm a graduate of the University of Kansas and the William Allen White School of Journalism with many years of media experience inside and outside B2B journalism. I'm a wordsmith by nature, and I edit Smart Industry and report and write all kinds of news and interactive media on the digital transformation of manufacturing.

