Friday, May 24, 2024

USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics

Honeywell’s 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year. 

The malware poses a serious threat to operational technology (OT) systems, with 26% capable of causing major disruptions like loss of control or data visibility, and also identifies a growing trend of targeted attacks specifically designed to exploit industrial control systems (ICS) and Internet of Things (IoT) devices. 

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

The findings underscore the critical need for robust USB security measures to protect critical infrastructure from cyberattacks, while an industrial cybersecurity report analyzing data from various OT facilities worldwide reveals a concerning rise in USB-based threats. 

Attackers are exploiting USB devices to circumvent network defenses, infiltrate systems undetected, steal sensitive information, maintain long-term access, and ultimately disrupt or sabotage industrial operations, which underscores the critical need for robust USB security measures within OT environments. 

It analyzes a six-year trend of increasing sophistication in USB-borne malware targeting industrial control systems by identifying a rise in the prevalence and impact of these attacks, including malware designed to exploit process control vulnerabilities. 

The most common malware types used in USB attacks, along with their technical tactics for infecting systems, executing malicious code, and spreading across networks via removable media, have been reported. 

Adversaries are increasingly turning to “living off the land” (LOL) tactics in cyber-physical attacks, which involve exploiting legitimate tools and functionalities within a system to achieve malicious goals, posing a significant challenge as they bypass traditional security measures. 


Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

For USB-borne threats, operators should prioritize implementing application whitelisting to restrict unauthorized software execution, and security incident and event management (SIEM) systems can aid in anomaly detection that might indicate LOL techniques. 

Operators can improve their cyber-physical security posture against these ever-evolving threats by combining preventative measures with robust monitoring. 

The report by Honeywell highlights a significant rise in USB-borne cyberattacks, emphasizing the increased susceptibility of systems due to this prevalent attack vector, as the surge in USB drive usage coupled with a disregard for security measures creates a prime target for malware distribution.  

The attacks are not limited to traditional storage drives but can also be delivered through seemingly innocuous devices like phone chargers, which underlines the alarming trend of attackers leveraging USBs to bypass security perimeters and establish persistence within a network. 

Combat Sophisticated Email Threats With AI-Powered Email Security Tool -> Try Free Demo 


Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles