TLDR:
- Honeywell’s annual report warns of increasing sophistication in USB-borne malware targeting industrial organizations.
- Analysis shows that 31% of detected malware is associated with campaigns targeting industrial systems.
An analysis conducted by Honeywell shows that much of the USB-borne malware targeting industrial organizations can still cause OT disruption. The report, based on data collected by Honeywell’s Global Analysis, Research and Defense (GARD) team, reveals that 31% of detected malware is part of campaigns targeting industrial systems. More than half of the malware targets or spreads via USB drives, with the capability to connect to a remote C&C server. 80% of the malware detected can cause disruptions to operational technology processes. There is a shift towards using living-off-the-land (LotL) strategies to avoid detection and remain persistent. The company has seen an increase in malware targeting Linux platforms and leveraging existing document and scripting functions. The amount of blocked malware has increased by approximately 33% from the previous year. Honeywell warns that known threats are becoming more sophisticated and pose a significant risk to operations.