According to a report, 52% of malware can use USB drives to bypass network security

0

Hackers are increasingly using USB drives to carry out malware attacks against businesses.

A USB Threat to Industrial Cybersecurity in 2022 report by Honeywell shows that 52% of threats detected on industrial installations can exploit removable media such as USB keys, compared to 32% last year and 19% in 2020.

About 81% of threats were capable of disrupting operational technology (OT), up from 79% last year.

Loading...

OT includes the hardware and software used in a factory to monitor and control physical devices such as machinery.

The report explains that USB removable media allow hackers to bypass network-level security and bypass air holes, which are used by most modern industrial installations. Air spacing is a cybersecurity measure used to keep one or more computers isolated from untrusted or insecure networks or network devices

According to Honeywell, USB devices are actively used in industrial facilities, which is one of the reasons the study focused on USB-based threats.

Loading...

“It is now painfully clear that USB removable media is being used to penetrate industrial/OT environments, and that organizations must adopt formal programs to defend against this type of threat to avoid costly downtime,” said Jeff Zindel, vice president and general manager of Honeywell Connected Enterprise Cybersecurity.

The report further shows that 51% of USB threats were designed to establish remote access capabilities. The number of threats designed specifically to target industrial control systems (ICS) also fell from 30% in 2021 to 32%.

The findings of the Honeywell report were based on aggregated threat data from hundreds of industrial facilities around the world over a 12-month period.

Loading...

Earlier this year, the Federal Bureau of Investigation (FBI) in the United States warned on malicious USB sticks sent to companies using the postal service, hoping that a gullible employee would connect them to a working system and that would give them the opportunity to plant malware.

The FBI suspects the involvement of FIN7, a notorious cybercrime group behind the Darkside and BlackMatter ransomware operations.

Share.

Comments are closed.