Honeywell’s USB Threat Report has highlighted the growing threat of cyberattacks on critical infrastructure, which is powered by operational technology (OT) consisting of hardware and software used to operate physical assets like industrial equipment or building management systems. The report specifically focuses on malware found on USB storage devices that are used to transfer files within, to, and from industrial facilities.
Malware attackers are becoming increasingly sophisticated and well-versed in the operations of industrial environments, enabling them to potentially cause significant damage. They are using USB devices to secretly infiltrate industrial control systems, observing operations before launching attacks that exploit the systems’ capabilities. A notable trend highlighted in the report is the increasing targeting of industrial systems by malware. In fact, 31% of malware attacks were aimed at industrial systems and sites, showcasing a rising trend since 2016 when only 16% of malware attacks were industrial-focused.
According to Honeywell’s research, a majority (82%) of malware is capable of disrupting industrial operations, signaling a significant threat to critical infrastructure. Furthermore, the report reveals that a growing number of targeted attack campaigns use removable media like USB devices, with over half (51%) of malware attacks in 2024 targeted at USB devices, marking a nearly six-fold increase from the 9% reported in 2019. This trend underscores the urgent need for OT environments to bolster their cybersecurity defenses against USB-derived cyber threats to safeguard critical infrastructure from potentially devastating attacks.
