Threats from USB cyberattacks exist in the manufacturing and industrial sectors and industries
Manufacturing and industrial facilities continue to have major cybersecurity concerns due to the potential of USB-borne malware. According to data from the 2022 Honeywell Industrial Cybersecurity USB Threat Report, 52% of threats, up from 32% the year before and more than double the 19% found in the 2020 study, were created especially to use portable devices. The USB Threat Report is based on compiled cybersecurity threat data collected over 12 months from hundreds of industrial facilities worldwide.
The number of cyber threats aimed especially at industrial control systems climbed marginally year over year, rising from 30% to 32%, while those designed to create remote access capabilities remained stable at 51%. The malware’s ability to interfere with industrial control systems also increased, rising to 81% from 79% the year before. Hackers are using USB portable devices to go around network security measures and get beyond the air gaps that many of these institutions rely on for protection. Along with USB attacks, the report shows that Trojans, which make up 76% of the malware found, continue to be a major issue due to their potential to seriously impair industrial facilities and infrastructure. Instead of the harmless testing of cyber defenses, ransomware is now the primary motivation behind cyberattacks. Particularly, ransomware has developed as a tactic and is now a powerful instrument that offers online criminals, large benefits for relatively little risk. In fact, 23% of cyberattacks on industrial companies, according to industry data, involved ransomware. It goes without saying that advances in computer technology have made cyberattacks automated and less reliant on human vectors for assault speed and flexibility. The speed with which new technologies are incorporated into factories and manufacturing sectors raises the possibility that organizations won’t be ready to respond to emerging dangers. The supply chain for manufacturing is more integrated than ever. Modern factory automation systems allow for real-time remote production control, resource allocation planning, mistake detection, and minimization. The manufacturing sector is now just as “connected” as any other IT system as a result of the sophistication of control systems increasing and the rise in off-site controls. At the same time, the automation of the production process through the addition of new goods and services exposes it to security flaws that make it simpler for hackers to breach defenses. When it comes to safeguarding control systems for manufacturing activities, there has been a comparative lack of attention and specialization. Factory automation systems are often handled by the engineering or operations department of an organization, rather than the IT department. Manufacturing systems are not well planned, safeguarded, or updated as IT systems or other ‘sensitive’ areas. When it comes to manufacturing systems and processes, the emphasis on security measures frequently depends on physical security, surveillance, intrusion detection, and business continuity, among other things. The service-level agreements and contracts with system integrators and equipment vendors often do not cover the security of manufacturing systems. Understanding the potential effects of an assault on a partner or supplier on your business is essential. The need for greater visibility into the integrated attack surface was highlighted by a recent study by Forrester Consulting, which was commissioned by Tenable. The study found that 63% of security leaders attributed recent attacks to a third-party software vendor compromise.
The combination of improved training increased security procedures, and industrial sector-specific security solutions are assisting forward-thinking organizations in lowering the danger of cyber-attack. This strategy also speeds up the discovery of breaches while minimizing harm. Although there is still no “silver bullet” that will provide total security, the path to greater security frequently begins with an ICS Security Assessment. Security is a process rather than a final destination. As organizations’ attack surfaces continue to grow, cyberattacks will increase, and the manufacturing sector is no exception. The fact that OT and IT are both under the security limelight at the moment necessitates our continued vigilance and the adoption of security that rationalizes all aspects of the organization’s environment, as cybercriminals will invade when opportunity knocks.