USB Malware Attacks Targeting Industrial Systems Adapts LOL Tactics

Honeywell’s 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year. 

The malware poses a serious threat to operational technology (OT) systems, with 26% capable of causing major disruptions like loss of control or data visibility, and also identifies a growing trend of targeted attacks specifically designed to exploit industrial control systems (ICS) and Internet of Things (IoT) devices. 

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

The findings underscore the critical need for robust USB security measures to protect critical infrastructure from cyberattacks, while an industrial cybersecurity report analyzing data from various OT facilities worldwide reveals a concerning rise in USB-based threats. 

Attackers are exploiting USB devices to circumvent network defenses, infiltrate systems undetected, steal sensitive information, maintain long-term access, and ultimately disrupt or sabotage industrial operations, which underscores the critical need for robust USB security measures within OT environments. 

It analyzes a six-year trend of increasing sophistication in USB-borne malware targeting industrial control systems by identifying a rise in the prevalence and impact of these attacks, including malware designed to exploit process control vulnerabilities. 

The most common malware types used in USB attacks, along with their technical tactics for infecting systems, executing malicious code, and spreading across networks via removable media, have been reported. 

Adversaries are increasingly turning to “living off the land” (LOL) tactics in cyber-physical attacks, which involve exploiting legitimate tools and functionalities within a system to achieve malicious goals, posing a significant challenge as they bypass traditional security measures. 

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

• Real-time Detection
• Interactive Malware Analysis
• Easy to Learn by New Security Team members
• Get detailed reports with maximum data
• Set Up Virtual Machine in Linux & all Windows OS Versions
• Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Try ANY.RUN for FREE

For USB-borne threats, operators should prioritize implementing application whitelisting to restrict unauthorized software execution, and security incident and event management (SIEM) systems can aid in anomaly detection that might indicate LOL techniques. 

Operators can improve their cyber-physical security posture against these ever-evolving threats by combining preventative measures with robust monitoring. 

The report by Honeywell highlights a significant rise in USB-borne cyberattacks, emphasizing the increased susceptibility of systems due to this prevalent attack vector, as the surge in USB drive usage coupled with a disregard for security measures creates a prime target for malware distribution.  

The attacks are not limited to traditional storage drives but can also be delivered through seemingly innocuous devices like phone chargers, which underlines the alarming trend of attackers leveraging USBs to bypass security perimeters and establish persistence within a network. 

Combat Sophisticated Email Threats With AI-Powered Email Security Tool -> Try Free Demo