Industrial control systems, managed by operational technology (OT), remain a prime target for cyber threats originating from USB devices. Malware transmitted via USB storage devices used to transfer files within and between industrial sites is becoming increasingly prevalent, according to a report by Honeywell.
Cyber attackers are adept at infiltrating industrial environments, with a deep understanding of their operations. This enables them to remain hidden for extended periods, laying the groundwork for devastating attacks that exploit the systems’ intrinsic functionalities. The study reveals that malware aimed at industrial systems is on the rise, with 31% of total malware attacks specifically targeting these systems and sites, representing a significant increase from 2016 when such attacks were recorded at 16%.
Honeywell’s research highlights the damaging effects that malware can have on OT environments. Malware can disrupt visibility, control or cause system downtime, which can lead to significant financial losses and reputational damage for businesses. The study also shows that a substantial majority (82%) of malware possesses the capability to disrupt industrial operations by interfering with visibility or control mechanisms.
Furthermore, there is an emerging trend of malicious software targeting removable media like USB devices. Malware attacks on USBs accounted for over half (51%) of total attacks in 2024 – a notable surge from the 9% reported in the previous 2019 report. As such, it is crucial for OT environments to enhance their cybersecurity measures to protect against such threats.
In conclusion, as industrial facilities become more reliant on critical infrastructure managed by operational technology, they also become more vulnerable to cyber threats originating from USB devices. It is essential to take proactive steps to enhance security measures and ensure that removable media like USB devices are properly secured and monitored in order to prevent potential disruptions or damages caused by malicious software.