A new report from Honeywell GARD (Global Analysis, Research, and Defense) has found that USB devices “continue to pose a major threat” to industrial control systems and critical infrastructures, and comments that protecting critical infrastructure from a cyberattack has never been more important.
The 2024 USB Threat Report provides a detailed analysis of USB-borne malware affecting industrial control systems and critical infrastructures. Drawing data from numerous global OT facilities, the report highlights emerging trends in threats utilising USB devices to bypass network defenses, evade detection, gather information, establish persistence and disrupt or damage industrial operations.
Solar and wind farms, chemical plants and even bank ATMs are all examples of critical infrastructure run by operational technology (OT), which consists of hardware and software used to operate physical assets, such as industrial equipment in a plant or building management system. OT environments need to take measures to improve their cybersecurity posture, as cyberattacks targeting industrial sites are getting more advanced and more frequent, as Honeywell’s USB Threat Report has shown over the years.
In its sixth year, the USB Threat Report by Honeywell’s Global Analysis, Research and Defense Group examines USB-derived cyber threats. This report focuses specifically on malware found on USB storage devices used to carry files into, out of and between industrial facilities, as analyzed by Honeywell’s Secure Media Exchange (SMX) product.
Here are five takeaways to know from the 2024 USB Threat Report:
- Cyber attackers are becoming more sophisticated and have a strong understanding of how industrial environments operate. This means that they can potentially cause more damage.
- Many attackers are using USB devices to establish silent residency in industrial control systems. Instead of simply exploiting vulnerabilities, many intruders hide and observe operations for some time before launching attacks that leverage the inherent capabilities of the systems.
- Malware is increasingly targeting systems specifically used by devices in industrial facilities. Honeywell says that 31% of malware attacks targeted industrial systems and sites. The percentage of targeted malware attacks has been on the rise since 2016, when the report found 16% of malware attacks were industrial-targeted.
- Malware can cause significant impact, such as loss of view, loss of control, or system outages in OT environments. These significant impacts mean that malware could substantially affect industrial operations. Our research indicates 82% of malware is capable of causing disruption to industrial operations, either through loss of view or loss of control.
- Overall, the report found that removable media such as USBs are increasingly used in targeted attack campaigns. 51% of malware attacks are designed for USB devices, according to 2024 data, which is a nearly six-fold increase from 9% reported in the 2019 report.