How AI and ML can thwart a cybersecurity threat no one talks about

Posted on: Dec 04 - 2021

Ransomware attackers rely on USB drives to deliver malware, jumping the air gap that all industrial distribution, manufacturing, and utilities rely on as their first line of defense against cyberattacks. Seventy-nine percent of USB attacks can potentially disrupt the operational technologies (OT) that power industrial processing plants, according to Honeywell’s Industrial Cybersecurity USB Threat Report 2021.

The study finds that malware-based USB attacks are one of the fastest-growing and most undetectable threat vectors that process-based industries such as public utilities face today, as the Colonial Pipeline and JBS Foods incidents illustrate. Utilities are also being targeted by ransomware attackers, as the thwarted ransomware attacks on water processing plants in Florida and Northern California, aimed at contaminating water supplies, illustrate. According to Check Point Software Technologies’ ThreatCloud database, U.S. utilities have been attacked 300 times every week, with a 50% increase in just two months.

Process manufacturing and utilities’ record year of cybersecurity threats

Ransomware attackers have accelerated their process of identifying the weakest targets and quickly capitalizing on them by exfiltrating data, then threatening to release it to the public unless the ransom is paid. Process manufacturing plants and utilities globally run on Industrial Control Systems (ICS), among the most porous and least secure enterprise systems. Because ICS are easily compromised, they are a prime target for ransomware.

A third of ICS computers were attacked in the first half of 2021, according to Kaspersky’s ICS CERT Report. Kaspersky states that the number of ICS vulnerabilities reported in the first half of 2021 surged 41%, with most (71%) classified as high severity or critical. Attacks on the manufacturing industry increased nearly 300% in 2020 over the volume from the previous year, accounting for 22% of all attacks, according to the NTT 2021 Global Threat Intelligence Report (GTIR). The first half of 2021 was the biggest test of industrial cybersecurity in history. Sixty-three percent of all ICS-related vulnerabilities cause processing plants to lose control of operations, and 71% can obfuscate or block the view of operations immediately.

The SANS 2021 Survey: OT/ICS Cybersecurity finds that for 59% of organizations, the greatest security challenge is integrating legacy OT systems and technologies with modern IT systems. The gap is growing as modern IT systems become more cloud and API-based, making them more challenging to integrate with legacy OT technologies.

USBs: The threat vector no one talks about

The SolarWinds attack showed how Advanced Persistent Threat (APT)-based breaches could modify legitimate executable files and have them propagate across software supply chains undetected. That’s the same goal ransomware attackers are trying to accomplish by using USB drives to deliver modified executable files throughout an ICS and infect the entire plant, so the victim has no choice but to pay the ransom.