More than half of organizations worldwide experienced a malware attack on remote devices in 2020, driven by the pandemic-induced rush to a digital marketplace.
The vast majority of the malware that industrial firms discovered on USB drives in 2020 was capable of disrupting industrial control systems (ICS), a recent research study from Honeywell reveals.
The study draws on data collected by the company’s Forge Secure Media Exchange product to understand the global USB-borne threats that can reach any endpoint within an organization, including those in a distributed working model.
The data for Honeywell’s 2021 Industrial Cybersecurity USB Threat Report was collected from firms across different industry verticals in more than 60 countries across the Americas, Europe, and Asia.
According to the study, nearly 79% of the malware identified by its USB security product on the drives scanned by customers last year could disrupt critical operational technology systems. This was up from 59% in 2019.
The increased severity of these risks comes from increasingly multi-functional malware that can directly:
- Impact the target systems (20%),
- Open backdoors and establish direct remote access and command and control (52%),
- Enable the download of stage-2 payloads (9%).
The use of USB removable media also surged by almost 30% last year. This influenced the overall percentage of malware capable of propagating over USB or exploiting USB devices for initial system infection, which rose from nearly 19% in 2019 up to 37% in 2020.
Many users of tools compromised by malware in 2020 continued accessing their corporate email or cloud storage for work, even after being hacked. Relative to pre-COVID times, there has been a notable increase (of almost 100%) in incorrect content within office hours.
According to the security researchers, Trojans were the most common threat, accounting for roughly 76% of detected threats. In addition, many pieces of malware were wormable or provided remote access to infected systems.
Given the current scenario, it was found that an increasing number of threats identified on USB solutions (30%) were designed specifically for industrial use. Some of them were even associated with campaigns known to focus on industrial organizations.
While 9% of the malware was intended to deploy additional payloads, over half of the detected threats could create a permanent backdoor or allow remote access to systems.
As mentioned in the study, “We saw the first indications of this behavior in 2019, and the consistent increase across all of these factors strongly indicates that the patterns are intentional: adversaries targeting industrial operators are specifically leveraging USB removable media as an initial penetration vector, as part of a larger cyber-attack campaign.”