52% of malware can use USB drives to bypass network security, report

Hackers are increasingly using USB drives to carry out malware attacks on enterprises.  

A 2022 Industrial Cybersecurity USB Threat report by Honeywell shows that 52% of threats detected on industrial facilities can leverage removable media devices such as USB drives as compared to 32% last year and 19% in 2020.

Around 81% of the threats were capable of disrupting operational technology (OT), up from 79% last year.  

OT includes the hardware and software used in a factory to monitor and control physical devices such as machinery.  

The report explains that USB removable media allows hackers to circumvent network-level security and bypass the air gaps, which is used by most modern-day industrial facilities. Air gapping is a cybersecurity measure that is used to keep one or more computers isolated from untrusted or unsecured networks or network devices 

According to Honeywell, USB devices are actively used in industrial facilities, which is one of the reasons the study focused on USB-based threats.  

“It’s now painfully clear that USB removable media are being used to penetrate industrial/OT environments, and that organisations must adopt formal programs to defend against this type of threat to avoid costly disruptions,” said Jeff Zindel, vice president, and general manager at Honeywell Connected Enterprise Cybersecurity.  

The report further shows that 51% of the USB threats were designed to establish remote access capabilities. The number of threats designed specifically to target industrial control systems (ICS) also grew to 32% from 30% in 2021.  

The findings of the Honeywell report were based on aggregated threat data from hundreds of industrial facilities across the world during a 12-month period.  

Early this year, the Federal Bureau of Investigation (FBI) in the US warned about malicious USB drives being sent to companies using postal service, hoping that some gullible employee would connect it to a working system and that will give them the window to plant malware.  

FBI suspects the involvement of FIN7, a notorious cybercrime group behind Darkside and BlackMatter ransomware operations.