April 29, 2024 at 09:57AM
Honeywell’s sixth annual report warns of increasing sophistication in USB-borne malware targeting industrial systems. Notably, 31% of the malware is associated with campaigns targeting industrial organizations, and 80% can disrupt operational technology processes. The amount of detected malware relative to scanned files has increased by 33%, and adversaries are shifting towards living-off-the-land strategies. The full 2024 Honeywell USB Threat Report is available in PDF format.
Key takeaways from the report:
1. Honeywell’s sixth annual report highlights a significant increase in the sophistication of USB-borne malware targeting industrial organizations. 31% of detected malware is associated with campaigns targeting industrial systems or companies.
2. The majority of the malware (over 50%) is designed to target or spread via USB drives, which helps it cross air gaps, and around 50% of it is capable of connecting to a remote server.
3. 80% of the detected malware is capable of disrupting operational technology (OT) processes, including ransomware, wipers, and malware designed to manipulate or disrupt control.
4. There is evidence of a shift towards living-off-the-land (LotL) strategies by adversaries, combining sophisticated detection avoidance and persistence techniques with execution techniques leveraging the inherent capabilities of target systems.
5. Approximately 20% of the USB-borne malware is content-based, abusing existing document and scripting functions, rather than exploiting new vulnerabilities.
6. There has been an increase in malware targeting Linux and other platforms, including those specifically designed for industrial facilities.
7. The amount of detected malware relative to the total number of scanned files has increased by approximately 33% compared to the previous year, and there has been a significant year-over-year increase in the amount of blocked malware.
These takeaways highlight the growing threat of USB-borne malware to industrial organizations and the increasing sophistication and frequency of attacks. Honeywell’s full 2024 USB Threat Report is available in PDF format for further details.