Wednesday, October 16, 2024
Homecyber securityUSB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics

USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics

Published on

Malware protection

Honeywell’s 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year. 

The malware poses a serious threat to operational technology (OT) systems, with 26% capable of causing major disruptions like loss of control or data visibility, and also identifies a growing trend of targeted attacks specifically designed to exploit industrial control systems (ICS) and Internet of Things (IoT) devices. 

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

- Advertisement - SIEM as a Service

The findings underscore the critical need for robust USB security measures to protect critical infrastructure from cyberattacks, while an industrial cybersecurity report analyzing data from various OT facilities worldwide reveals a concerning rise in USB-based threats. 

Attackers are exploiting USB devices to circumvent network defenses, infiltrate systems undetected, steal sensitive information, maintain long-term access, and ultimately disrupt or sabotage industrial operations, which underscores the critical need for robust USB security measures within OT environments. 

It analyzes a six-year trend of increasing sophistication in USB-borne malware targeting industrial control systems by identifying a rise in the prevalence and impact of these attacks, including malware designed to exploit process control vulnerabilities. 

The most common malware types used in USB attacks, along with their technical tactics for infecting systems, executing malicious code, and spreading across networks via removable media, have been reported. 

Adversaries are increasingly turning to “living off the land” (LOL) tactics in cyber-physical attacks, which involve exploiting legitimate tools and functionalities within a system to achieve malicious goals, posing a significant challenge as they bypass traditional security measures. 

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

For USB-borne threats, operators should prioritize implementing application whitelisting to restrict unauthorized software execution, and security incident and event management (SIEM) systems can aid in anomaly detection that might indicate LOL techniques. 

Operators can improve their cyber-physical security posture against these ever-evolving threats by combining preventative measures with robust monitoring. 

The report by Honeywell highlights a significant rise in USB-borne cyberattacks, emphasizing the increased susceptibility of systems due to this prevalent attack vector, as the surge in USB drive usage coupled with a disregard for security measures creates a prime target for malware distribution.  

The attacks are not limited to traditional storage drives but can also be delivered through seemingly innocuous devices like phone chargers, which underlines the alarming trend of attackers leveraging USBs to bypass security perimeters and establish persistence within a network. 

Combat Sophisticated Email Threats With AI-Powered Email Security Tool -> Try Free Demo 

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...