Benny Czarny | Source | Founder and CEO at OPSWAT

The FBI recently warned of advanced USB-based attacks by a group called FIN7. The campaign, believed to have started last August, targets American companies, including those in key critical infrastructure industries such as transportation, insurance, and defense. The attackers targeted victims by sending them packages that contain advanced attack tools on the USB devices. These "BadUSBs" pose a significant threat. Here's what you need to know — and do — about them.

“After a series of high-profile cybersecurity incidents over the past years, such as SolarWinds, Microsoft Exchange, Colonial Pipeline, and others, both public and private sectors are coming to understand the importance of defending against targeted and sophisticated attacks—particularly in the critical infrastructure industry. The most recent National Security Memo and Federal Strategy are reminders that organizations – both public and private – have a responsibility to protect both IT and Operational Technology (OT) environments. Privately held organizations can be just as vulnerable as public and government entities and can become easy targets for cybercriminals if proper controls aren’t in place. Defending our nation's critical infrastructure should be a priority for all enterprise organizations and understanding how to manage the protection of these environments should be a collaborative effort between both IT and OT security teams."

“Although it is still too early to determine how these initiatives will play out, increased attention on the catastrophic impacts of critical infrastructure cybersecurity events (e.g. Colonial Pipeline) have pushed organizations to take steps in the right direction,. And with giants like Apple, Google, Microsoft, and JPMorgan Chase engaging in conversations like these, we can hope that others will follow suit.”