IT in Manufacturing


From Trojan takeovers to ransomware roulette

July 2025 IT in Manufacturing

Cisco’s Cyber Threat Trends Report offers a comprehensive and overview of the evolving cyber security landscape, leveraging its vast global reach through the analysis of DNS traffic. With visibility into over 715 billion DNS requests daily, Cisco provides a unique perspective into malicious activity across the internet. The report draws on eight months of DNS-layer data from August 2023 to March 2024 collected via Cisco Umbrella, and presents a detailed analysis of trends across various categories of threats.

The findings reveal that information stealers were the most frequently detected threat type throughout the reporting period. These are tools and malware designed to exfiltrate data such as documents, video and audio from compromised systems. Their activity was not constant but followed a wave-like pattern, with periods of intense detection followed by relative quiet. Cisco suggests that this lull may reflect operational pauses, during which attackers analyse and monetise stolen data before launching new campaigns.

In contrast, Trojan activity showed a notable decline over the same time span. Trojans, often used to gain an initial foothold in a network, started off strong but decreased significantly in later months. However, this did not signal an overall drop in cyber threats. Instead, ransomware activity surged dramatically in January 2024 and remained high into March. Cisco theorises that this shift reflects a tactical relationship between Trojans and ransomware. Frequently, threat actors deploy a Trojan first to establish access and later use that access to deliver ransomware payloads, encrypting data and extorting victims for payment.

The report also observed fluctuating activity in other threat categories, including remote access Trojans (RATs), advanced persistent threats (APTs), botnets, droppers and backdoors. Each showed distinct patterns of DNS behaviour and seasonal variation. RATs and APTs, in particular, represented more targeted and stealthy attack strategies that are harder to detect through traditional security tools but still leave traces at the DNS layer.

A central theme in the report is the critical role of DNS in modern cyber attacks. Almost all malware needs to make a DNS request to reach a command-and-control server, download payloads or exfiltrate data. By monitoring DNS queries, defenders can identify suspicious behaviours early, often before the actual attack fully unfolds. Cisco Umbrella, for example, blocks more than one million malicious domains every hour by detecting these behaviours in real time. DNS-layer protection can therefore act as a crucial frontline defense, stopping threats before they reach internal systems.

In addition to DNS protection, Cisco emphasises the importance of a layered security approach. This involves combining DNS-level filtering with endpoint security technologies such as antivirus, endpoint detection and response tools. A defense-in-depth strategy is essential because even if one control fails, others can catch the threat before it causes damage. Cisco compares this to having multiple bouncers at a club. If one misses an intruder, another can intervene. Their broader security stack, including Cisco Secure Access, integrates services such as secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), remote browser isolation, data loss prevention (DLP) and malware detection to cover a range of attack vectors and user environments.

Cisco Talos, the company’s threat intelligence team, contributed further insight into the threat landscape. Their research highlighted identity-based attacks as the most common vector for breaches. Phishing, credential theft and misuse of legitimate accounts were involved in 60% of incident response cases, underscoring the need for strong identity protection such as multi-factor authentication (MFA) and Zero Trust architectures.

The report warns that threats are highly dynamic, often appearing in waves. For instance, when Trojan activity recedes, ransomware may rise. This ebb and flow suggests attackers regroup and shift tactics rapidly, sometimes even repurposing existing access or tools for new campaigns. This kind of fluidity requires defenders to remain agile, adapting their strategies based on threat intelligence and real-time visibility into network behaviour.

Organisations that deploy DNS-layer security in conjunction with endpoint and identity-based defenses are better positioned to detect and prevent threats. DNS filtering catches malicious domains before connections are made; endpoint tools stop payload execution and lateral movement; and identity safeguards limit attackers’ ability to exploit user accounts.

Cisco’s report aligns with broader industry trends. Other analysts, such as those from Deloitte and Gartner, have identified ransomware, social engineering and increasingly sophisticated threat actors as top challenges. Gartner, in particular, recommends a layered, AI-augmented defense model, echoing Cisco’s approach to integrating DNS intelligence with other security technologies.

The report delivers a clear message: defenders must combine deep visibility with multi-layered defenses to keep pace with rapidly evolving threats. DNS-layer protection offers a unique early-warning capability but it is most effective when part of a broader strategy that includes endpoint protection, cloud security, identity management and robust incident response. As attackers continue to shift tactics from data theft to ransomware to stealthy persistence, defenders must stay informed, proactive and flexible in their security architecture. The digital threat landscape is constantly changing and only by integrating intelligence, technology and strategy can organisations stay one step ahead.

To read the full report visit www.instrumentation.co.za/ex/cisco_cyberthreat_trends.pdf




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Prefabricated data centres for an AI-focused future at the edge
Schneider Electric South Africa IT in Manufacturing
As AI technologies continue to advance, data centres are being pushed to the edge, reshaping their operations to meet daily demands. To meet the relentless demands of AI workloads at the edge, prefabricated data centre solutions offer a scalable, efficient and fast alternative to traditional builds.

Read more...
Quantum computing and its impact on data security: a double-edged sword for the digital age
IT in Manufacturing
Quantum computing is poised to redefine the boundaries of data security, offering groundbreaking solutions while threatening modern encryption’s foundations. For third-party IT providers, this duality presents both a challenge and an opportunity to lead organisations through one of the most significant technological transitions in decades.

Read more...
Next-generation road-legal race car.
Siemens South Africa IT in Manufacturing
Siemens Digital Industries Software has announced that Briggs Automotive Company (BAC) will move to the Siemens Xcelerator portfolio of industry software and use it to develop the next generation of its single-seater road-legal race car, Mono.

Read more...
Cybersecurity at a crossroads
IT in Manufacturing
here’s a growing unease in boardrooms, data centres and cabinet offices across South Africa. It’s not just about economic headwinds or political uncertainty, it’s about something quieter, more technical and yet just as dangerous - the rising tide of cyber threats.

Read more...
Enabling a sustainable industrial organisation
IT in Manufacturing
This article explains the top sustainability trends and key actions that you can leverage to become a more sustainable organisation.

Read more...
Navigating discrete manufacturing in South Africa through digitalisation
IT in Manufacturing
South Africa’s discrete manufacturing sector faces mounting pressure from global competition, fragmented supply chains and outdated infrastructure. In this complex environment, digitalisation is a critical lever for survival, resilience and growth.

Read more...
Africa’s pragmatic approach to AI and how data centres are enabling it
Schneider Electric South Africa IT in Manufacturing
In Africa, the current AI momentum is driven by a fundamental need, building a resilient digital infrastructure that addresses the real-world challenges of the continent’s communities.

Read more...
World first simulation of error-correctable quantum computers
IT in Manufacturing
Quantum computers still face a major hurdle on their pathway to practical use cases, their limited ability to correct the arising computational errors. In a world first, researchers from Chalmers University of Technology in Sweden have unveiled a method for simulating specific types of error-corrected quantum computations.

Read more...
Platform to accelerate supply chain decarbonisation
Schneider Electric South Africa IT in Manufacturing
Schneider Electric has launched Zeigo Hub by Schneider Electric, a powerful new digital platform designed to help organisations decarbonise their supply chains at scale.

Read more...
Future-ready data centres
IT in Manufacturing
The white paper ‘Future-Ready Data Centres’ by Black & Veatch outlines how integrating sustainable design principles not only helps meet ESG goals but also ensures reliability, operational efficiency and business continuity in the face of climate change and growing digital demand.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved