Industrial giant Honeywell on Wednesday published its 2025 Cybersecurity Risk Report, which shows that ransomware and other malware attacks have surged in the industrial sector.
Honeywell’s report shows, based on OSINT and industry sources, that there was a significant increase in ransomware attacks on industrial organizations. While these attacks did not necessarily impact operational technology (OT) systems, more than half of the 55 cybersecurity incidents reported to the SEC in 2024 did affect OT.
However, the most interesting findings in Honeywell’s latest report are based on data collected by the company’s own industrial cybersecurity products, which monitor networks for attacks, scan USB drives for malware, and provide threat and risk intelligence.
The company’s SMX USB scanning solution checked over 31 million files in Q4 2024 and Q1 2025, blocking nearly 5,000 files and detecting more than 1,800 unique threats, including 124 that had not previously been seen.
The most commonly detected malware, which accounted for 42% of detections, were Win32.Worm.Ramnit, Trojan.scar/shyape, Trojan.lokibot/stealer, and Win32.Worm.Sohanad.
The one that stands out the most is Ramnit, a piece of Windows malware that has been around for many years and has several variants. There are Ramnit worms and viruses that spread via USB flash drives, as well as trojans that give attackers control of the victim’s PC and allow them to steal sensitive information such as banking data and credentials.
Honeywell saw a whopping 3,000% increase in Ramnit infections in the fourth quarter of 2024, compared to the second quarter of the same year.
“W32.Rmnit is primarily a banking trojan used to steal account credentials; however, given its saturated presence in Honeywell industrial customers’ ecosystems, it could likely be assumed it has been repurposed to extract control system credentials,” Honeywell explained.
Paul Smith, director of Honeywell OT Cybersecurity Engineering and author of the report, told SecurityWeek that the assumption of a shift towards industrial control system (ICS) credentials is based on the fact that the company detected no Ramnit infections in Q1 2024, but it quickly became the threat with the highest number of detections.
“We have discovered and blocked thousands of tools, trojans, spyware, ransomware, crypto lockers, and many iterations and variants of nasty files that creep into organizations either by absentminded employees, pentesters, purple teamers, blue teamers, and yes even nation state level threat actors,” Smith said.
“With the current trend and Ramnit being the leader for the last three quarters, one has to wonder if this is a directed attack or simply an efficient credential extraction tool that is easily distributed,” Smith explained.
The expert pointed out that many ICS products run on Windows devices, and it would not be surprising that such a piece of malware, which leverages living-off-the-land (LOL) binaries to carry out malicious activities, would be the weapon of choice for threat actors looking for control system credentials, considering that the targeted systems are likely already hosting the required LOL tools.