Critical infrastructure, which is powered by operational technology (OT) consisting of hardware and software used to operate physical assets like industrial equipment or building management systems, remains a target of USB-derived cyber threats, as highlighted in Honeywell’s USB Threat Report. OT environments need to enhance their cybersecurity measures, given the increasing frequency and sophistication of cyberattacks on industrial sites in recent years.
The report specifically focuses on malware found on USB storage devices that are used to transfer files within, to, and from industrial facilities. Cyber attackers are growing more sophisticated and are well-versed in the operations of industrial environments, enabling them to potentially cause significant damage. Many attackers are using USB devices to secretly infiltrate industrial control systems, observing operations before launching attacks that exploit the systems’ capabilities.
A notable trend highlighted in the report is the increasing targeting of industrial systems by malware. In fact, 31% of malware attacks were aimed at industrial systems and sites, showcasing a rising trend since 2016 when only 16% of malware attacks were industrial-focused. The impact of malware on OT environments can be substantial, leading to loss of visibility, control, or system outages that can severely disrupt industrial operations.
According to Honeywell’s research, a majority (82%) of malware is capable of disrupting industrial operations, signaling a significant threat to critical infrastructure. Furthermore, the report reveals that a growing number of targeted attack campaigns use removable media like USB devices, with over half (51%) of malware attacks in 2024 targeted at USB devices, marking a nearly six-fold increase from the 9% reported in 2019. This trend underscores the urgent need for OT environments to bolster their cybersecurity defenses against USB-derived cyber threats to safeguard critical infrastructure from potentially devastating attacks.