According to a report, 52% of malware can use USB drives to bypass network security

Hackers are increasingly using USB drives to carry out malware attacks against businesses.

A 2022 Industrial Cybersecurity USB Threat report from Honeywell shows that 52% of threats detected at industrial facilities can exploit removable media such as USB drives, up from 32% last year and 19% in 2020.

About 81% of threats were capable of disrupting operational technology (OT), up from 79% last year.


OT includes the hardware and software used in a factory to monitor and control physical devices such as machinery.

The report explains that USB removable media allow hackers to bypass network-level security and cross the air gaps used by most modern industrial installations. Air gapping is a cybersecurity measure that keeps one or more computers isolated from untrusted or insecure networks and network devices.

According to Honeywell, USB devices are actively used in industrial facilities, which is one of the reasons the study focused on USB-based threats.


“It is now painfully clear that USB removable media is being used to penetrate industrial/OT environments, and that organizations must adopt formal programs to defend against this type of threat to avoid costly downtime,” said Jeff Zindel, vice president and general manager of Honeywell Connected Enterprise Cybersecurity.

The report further shows that 51% of USB threats were designed to establish remote access capabilities. The number of threats designed specifically to target industrial control systems (ICS) also rose, from 30% in 2021 to 32%.

The findings of the Honeywell report were based on aggregated threat data from hundreds of industrial facilities around the world over a 12-month period.


Earlier this year, the Federal Bureau of Investigation (FBI) in the United States warned that malicious USB sticks were being sent to companies through the postal service, in the hope that a gullible employee would connect one to a working system and give the attackers the opportunity to implant malicious software.

The FBI suspects the involvement of FIN7, a notorious cybercrime group behind the Darkside and BlackMatter ransomware operations.