The TYREX Files – January 2026

Breaking News from Tyrex HQ

Yeah, we’re tooting our own horn (just this once, we promise)

Psst… We’ve Got News (and We’re Totally Not Bragging… Okay, Maybe a Little)

So, here’s the thing: we just signed a 3-year contract with Deutsche Bahn – yeah, Europe’s largest railway company. No big deal, right? 

They chose our USB decontamination tech to protect their entire rail operation from those sneaky little flash drives that could carry ransomware and other nasty surprises. Because even the smallest tools can become the biggest security threats when you’re running critical infrastructure that millions of passengers depend on every day.

Why are we mentioning this? Not just to show off (well, maybe 5% showing off), but because it perfectly illustrates what we keep saying in this newsletter: USB security isn’t optional anymore – it’s mission-critical, whether you’re running trains, factories, or any operation where a single infected device could cause chaos.

Okay, humble mode back on. Let’s get to this month’s cyber stories.

Top Cybersecurity Stories/News

The cybersecurity highlights of the last few weeks.

Sports Industry Under Siege: Nike and Under Armour Hit Within Days

In the span of just a few days in early January 2026, two giants of the sports industry were struck by major cyberattacks. Nike confirmed the theft of 1.4 terabytes of data by the extortion group WorldLeaks, including sensitive information about employees, partners, and potentially product designs. Almost simultaneously, Under Armour launched an investigation into a data breach after cybercriminals claimed to have compromised their systems. These incidents reveal a troubling trend: sportswear brands are becoming prime targets for hackers, likely due to the value of their intellectual property (designs, product innovations) and the complexity of their international supply chains.

Our 2 Cents:

This double blow to the sports industry within days is no coincidence. Cybercriminals have figured out that these brands are sitting on a goldmine of data: upcoming product designs, technological innovations in materials, marketing strategies, and of course, sprawling supply chains that span every continent.

What strikes us particularly at Tyrex is the vulnerability of these complex supply chains. In the sports industry, design data constantly circulates between design offices in America, production factories in Asia, and distribution centers in Europe. And guess what’s one of the most common ways to transfer these large CAD files and prototypes? Removable media, notably USB drives.

A single compromised USB device, introduced by a supplier or partner during an on-site visit, can become the entry point allowing the exfiltration of 1.4 TB of data like at Nike. Production environments also heavily use USB drives for machine updates, manufacturing program transfers, and technical specification sharing.

The lesson? Even the world’s biggest brands remain vulnerable if they don’t secure ALL entry points into their network – including those little devices everyone underestimates. In a global supply chain, every uncontrolled USB is a potential ticking time bomb.

Apple Manufacturing Partner Luxshare Precision Crippled by Ransomware Attack

The manufacturing sector continues to be in cybercriminals’ crosshairs in early 2026. After Nike and Under Armour were hit back-to-back in early January, it’s now Luxshare Precision’s turn – a key Apple manufacturing partner – to suffer a devastating ransomware attack. The intrusion, which occurred in mid-December 2025 but was only revealed in January 2026, exposed highly sensitive proprietary data related to iPhone and iPad manufacturing. The attackers used the “double-extortion ransomware” technique: not only did they encrypt the systems, but they also exfiltrated confidential data that they now threaten to publicly disclose. Luxshare Precision, which manufactures critical components for Apple (notably AirPods, iPhone cameras, and other precision electronic components), represents an essential link in Apple’s supply chain. This attack raises serious questions about supply chain security in the consumer electronics industry.

Our 2 Cents:

If you still had any doubts that the manufacturing sector is THE priority target of 2026, this third major attack in less than a month should convince you. Nike, Under Armour, and now a direct Apple partner. This is no longer a coincidence – it’s a clear pattern.

But what makes the attack against Luxshare Precision particularly concerning is the level of sensitivity of the potentially compromised data. We’re not just talking about customer databases or HR files – we’re talking about proprietary iPhone and iPad manufacturing data. Technical specifications, production processes, design innovations worth billions of dollars in R&D. This is the Holy Grail for industrial espionage.

And here’s where it gets really interesting for us at Tyrex: how was this data exfiltrated? The attackers needed to extract potentially gigabytes of CAD files, electronic schematics, component specifications. In a manufacturing environment like Luxshare’s – which, let’s remember, produces for Apple, so with supposedly very high security standards – massive data transfers over the network are generally monitored and blocked.

But guess what often flies under the radar? USB drives and other removable media.

In the precision electronics industry, USBs are ubiquitous:

  • Engineers use them to transfer CNC machine programs
  • Technicians load firmware updates on test equipment
  • Quality controllers retrieve production logs
  • External partners arrive with their own drives to share specifications

Each of these drives is a potential entry point – or an exit door for stolen data.

What strikes us in this series of attacks (Nike → Under Armour → Luxshare) is that they all target companies with ultra-complex global supply chains. Dozens of suppliers, hundreds of partners, thousands of subcontractors. And at each link in this chain, someone plugs in a USB drive.

Apple’s supply chain is reputed to be one of the most secure in the world. If even a direct Apple partner can be compromised at this level, what about the thousands of other less-protected manufacturers?

The lesson here is brutal: you can have the best firewalls, the most sophisticated EDRs, and network segmentation worthy of Fort Knox – if you don’t control your physical entry points, especially USBs, you’re leaving the door wide open.

In precision manufacturing like Luxshare’s, where a single compromised drive can contain the manufacturing secrets of the next iPhone, securing every removable device that enters your facilities isn’t an option – it’s an absolute necessity.

USB-Based Cryptomining Campaign: The Gift That Keeps on Taking

As 2025 came to a close, cybersecurity researchers sounded the alarm on a particularly sophisticated malware campaign that continues to spread via USB drives in early 2026. Revealed by AhnLab Security Intelligence Center late last year, this attack uses deceptive shortcut files named “USB Drive.lnk” to deploy PrintMiner and XMRig, Monero cryptocurrency mining tools.

The technique is insidious: when a user double-clicks the visible shortcut, the malware executes in the background while displaying the USB drive’s normal files, giving the illusion that everything is functioning normally. The malware is smart enough to automatically deactivate when the user launches a video game or opens Task Manager, making its detection extremely difficult. Once installed, it automatically propagates to all other USB drives connected to the infected computer, creating a chain reaction.

Our 2 Cents:

What strikes us at Tyrex with this campaign is its insidious nature and longevity. An attack that’s been ongoing for several months and continues to claim victims in 2026 speaks volumes about the effectiveness of USB as an entry point.

The diabolical genius of this attack lies in its deceptive simplicity. No need for ultra-sophisticated zero-days or complex vulnerabilities – just a shortcut that looks legitimate and a bit of social engineering. The user sees their files display normally, so they think everything’s fine. It’s the perfect cybercrime: invisible, persistent, and self-propagating.

And let’s talk about this “smart mining” functionality that detects when you launch a game or Task Manager to pause itself. That’s sophisticated engineering, not Sunday script kiddie stuff. The attackers clearly invested time and resources to create malware that knows how to stay under the radar.

The most worrying point? Automatic propagation via USB. Imagine: an employee plugs their infected personal USB drive into their work PC. The malware spreads. This employee then plugs the same drive into a colleague’s computer to share a file. Re-propagation. This colleague goes home and plugs the drive into their personal PC. And so on. It’s a chain reaction that can contaminate dozens of machines from a single infected drive.

In industrial or OT environments where USB drives are often the only way to transfer data to air-gapped machines, this type of attack is particularly dangerous. A single compromised drive can infect an entire production line.

The lesson? Never trust, always verify – even for a simple USB drive that looks innocent. A decontamination station would have detected this malicious batch script and hidden files BEFORE the first infection. Sometimes, the best defense is a good checkpoint at the entrance.
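As an added illustration (not Tyrex product logic and not code from the AhnLab report), here is a minimal Python triage check for the drive layout described above: a visible shortcut at the drive root sitting beside hidden folders and hidden script files. The rule names, the script-extension list and the "any finding means quarantine" policy are assumptions of this example; the sample trees are constructed placeholders.

```python
import os
import tempfile
from pathlib import Path

# Windows attribute bits as reported in os.stat().st_file_attributes.
FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM = 0x2, 0x4
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".ps1"}   # assumed list, tune per site
LURE_NAMES = {"usb drive.lnk"}                   # shortcut name cited in the article


def is_hidden(path: Path) -> bool:
    """Hidden/system attribute on Windows; dot-prefixed name elsewhere."""
    attrs = getattr(path.lstat(), "st_file_attributes", 0)
    return bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)) \
        or path.name.startswith(".")


def triage_drive(root) -> dict:
    """Return a verdict and sorted (rule, relative path) findings for one volume."""
    root = Path(root)
    findings = set()
    top = list(root.iterdir())
    shortcuts = [p for p in top if p.is_file() and p.suffix.lower() == ".lnk"]
    hidden_dirs = [p for p in top if p.is_dir() and is_hidden(p)]

    for p in shortcuts:
        rule = "lure-shortcut" if p.name.lower() in LURE_NAMES else "root-shortcut"
        findings.add((rule, p.name))
    # A visible shortcut next to hidden folders is the layout described above:
    # the user clicks the shortcut and is then shown the drive's "normal" files.
    if shortcuts:
        for d in hidden_dirs:
            findings.add(("shortcut-beside-hidden-dir", d.name))

    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        under_hidden = any(is_hidden(root.joinpath(*rel_dir.parts[:i + 1]))
                           for i in range(len(rel_dir.parts)))
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() in SCRIPT_EXT and (under_hidden or is_hidden(p)):
                findings.add(("hidden-script", (rel_dir / name).as_posix()))

    # Assumed policy for this example: any finding sends the drive to quarantine.
    verdict = "quarantine" if findings else "pass"
    return {"verdict": verdict, "findings": sorted(findings)}


def build_sample(root, infected: bool) -> Path:
    """Constructed sample trees (empty placeholder files, no real payloads)."""
    root = Path(root)
    layout = (["USB Drive.lnk", ".data/photos/a.jpg", ".sys/run.bat"]
              if infected else ["report.pdf", "tools/setup.bat"])
    for rel in layout:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, infected in (("suspect", True), ("clean", False)):
            result = triage_drive(build_sample(Path(tmp) / label, infected))
            print(label, result["verdict"], result["findings"])
```

A check like this only looks at names and attributes; it complements, and does not replace, content scanning of the files themselves.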

Gérard’s Top Cybersecurity Resources

To become a cybersecurity “informed” thought leader.

World Economic Forum Global Risks Report 2026: Cybersecurity in a Multipolar World

The World Economic Forum just released its Global Risks Report 2026, and while climate change and geopolitical risks dominate the headlines, there’s a critical cybersecurity story buried in the data that every CISO and security professional needs to understand.

Key Cybersecurity Findings:

Cyber Insecurity Ranks #6 in Short-Term Global Risks

Cyber insecurity has climbed to the 6th position in the two-year risk outlook, reflecting the increasing frequency and sophistication of cyberattacks targeting critical infrastructure, businesses, and governments. This is a significant jump that signals cybersecurity is no longer just an IT problem—it’s a boardroom-level strategic risk.

[Chart: corporate risk strategies]

Disruptions to Critical Infrastructure Rising Fast

The report shows that “Disruptions to Critical Infrastructure” rose four positions to #22 in the two-year outlook. What’s particularly concerning? The report explicitly links this to both cyberattacks AND physical attacks on key supply chains, including:

  • Satellite networks
  • Undersea communication cables
  • Key waterways and ports
  • Energy pipelines

This convergence of cyber and physical threats is exactly what we’ve been warning about in the industrial and OT security space.

Geoeconomic Confrontation = Cyber Warfare

Here’s where it gets really interesting for us at Tyrex. The #1 risk identified in the report is “Geoeconomic Confrontation”—and the report explicitly mentions that this includes not just tariffs and sanctions, but also cyberattacks on critical infrastructure as economic weapons.

The report states: “Physical disruptions to critical infrastructure and key supply chains – for example by targeting satellite networks, damaging undersea communication cables, blocking or slowing transit through key waterways or ports, or disrupting energy pipelines – could become more frequently used physical or cyber-physical tools.”

The USB Connection: Supply Chain Vulnerabilities

While the WEF report doesn’t explicitly mention USB devices (it’s a macro-level strategic document), it emphasizes repeatedly the vulnerability of global supply chains and the risk of “Concentration of Strategic Resources and Technologies” (#15 in the two-year ranking).

Here’s the connection to our world: The report highlights that manufacturing and industrial sectors are particularly vulnerable to supply chain attacks. And as we’ve seen with the Luxshare Precision breach this month and the Nike/Under Armour attacks, these supply chains rely heavily on physical data transfer methods—including USB devices—because many industrial systems are air-gapped.

What This Means for 2026:

  1. 57% of global leaders expect a “turbulent or stormy” outlook over the next decade when it comes to global risks. Cybersecurity is front and center in this turbulence.
  2. Misinformation and Disinformation (#2 risk) is closely linked to cyberattacks, as state-sponsored actors use both to destabilize societies and economies.
  3. The convergence of geopolitical tensions + cyber capabilities + critical infrastructure vulnerabilities creates a perfect storm where attacks on manufacturing, energy, and logistics sectors will intensify.
  4. Manufacturing sector specifically called out as vulnerable due to complex international supply chains—exactly the environments where USB security is most critical.

The Bottom Line:

The WEF is telling us that we’re entering an era where cyber threats are no longer separate from geopolitical, economic, and physical security threats. They’re all merging into one interconnected risk landscape.

For organizations operating in manufacturing, critical infrastructure, or any sector with complex supply chains, the message is clear: you can’t just secure your network perimeter anymore. You need to secure every entry point—including those small plastic devices that plug into your most critical systems.

As the report grimly concludes: “The future is not a single, fixed path but a range of possible trajectories, each dependent on the decisions we make today.”

The decision to secure USB entry points? That needs to happen today.

Read the full report: WEF Global Risks Report 2026

USBs Gone Wild

This month’s flash drive case study

The Luxshare Precision Breach: When Apple’s Supply Chain Security Met Its USB Blind Spot

The Setup:

Luxshare Precision Industry Co., one of Apple’s most trusted manufacturing partners, operates state-of-the-art facilities across China producing precision components for iPhones, iPads, and AirPods. With Apple’s notoriously strict security requirements, Luxshare had implemented enterprise-grade firewalls, network segmentation, endpoint detection systems, and rigorous access controls. Their digital fortress seemed impenetrable – at least, that’s what everyone thought.

The Vulnerability:

Like most precision electronics manufacturers, Luxshare’s production floor relied heavily on USB drives for legitimate operational needs:

  • Engineering teams transferred CNC machine programs and firmware updates via USB to air-gapped production equipment
  • Quality control specialists collected test data and production logs on USB drives for analysis
  • External partners and Apple auditors regularly visited with USB drives containing compliance checklists, specification updates, and design files
  • Maintenance technicians used USB drives to update industrial control systems that couldn’t be connected to the corporate network for security reasons

This created a perfect storm: highly sensitive data, complex supply chain interactions, and dozens of USB devices entering and leaving the facility daily – with inconsistent security screening.

The Attack (Mid-December 2025):

The breach began innocuously. A supplier representative arrived for a routine meeting about a new component specification. They brought along a USB drive supposedly containing updated technical drawings and manufacturing tolerances – standard practice in the industry. An engineer, pressed for time and familiar with this supplier, plugged the drive into their workstation to review the files.

The USB contained more than just CAD files. Hidden within was a sophisticated multi-stage payload:

  • Stage 1 – Initial Compromise: The drive exploited a zero-day vulnerability in the document viewer software, gaining initial access to the engineer’s workstation. The malware immediately began reconnaissance, mapping the network and identifying high-value targets: servers containing iPhone component specifications, iPad assembly processes, and AirPods manufacturing data.
  • Stage 2 – Lateral Movement: Over the next several days, the attackers moved laterally through Luxshare’s network, compromising additional systems. They specifically targeted engineering workstations and file servers where Apple’s proprietary manufacturing data was stored. The sophisticated malware employed “living off the land” techniques, using legitimate system tools to avoid detection by endpoint security software.
  • Stage 3 – Data Exfiltration: Here’s where USB devices became the exit strategy. Rather than risk detection by exfiltrating gigabytes of data over monitored network connections, the attackers used a more elegant approach: they identified employees who regularly used USB drives for legitimate work purposes and compromised their devices. These infected USB drives, when plugged into their personal computers at home (outside Luxshare’s security perimeter), automatically uploaded stolen data to the attackers’ command-and-control servers.
  • Stage 4 – The Ransomware Deployment: After successfully exfiltrating Apple’s proprietary manufacturing data, the attackers deployed double-extortion ransomware. They encrypted Luxshare’s production systems and file servers, then sent their ransom demand: pay up, or we’ll leak Apple’s trade secrets to competitors and the public.

The Discovery (January 2026):

Luxshare discovered the breach when their production systems were suddenly encrypted. The subsequent forensic investigation revealed the full scope: terabytes of Apple’s proprietary iPhone and iPad manufacturing data had been stolen. The disclosure in January 2026 sent shockwaves through Apple’s supply chain and raised serious questions about third-party security.

The Fallout:

  • Production shutdown: Multiple Luxshare facilities went offline, disrupting Apple’s supply chain
  • Intellectual property loss: Proprietary manufacturing processes, component specifications, and design innovations potentially compromised
  • Financial impact: Millions in ransomware costs, production losses, and potential Apple contract penalties
  • Reputational damage: Questions about Luxshare’s ability to protect sensitive client data
  • Industry wake-up call: Other Apple suppliers scrambled to audit their own USB security protocols

How TYREX Could Have Prevented This:

If Luxshare had implemented TYREX USB decontamination stations at all facility entry points:

  • Entry Point Control: The supplier’s infected USB drive would have been scanned at a TYREX Satellite kiosk before ever reaching an engineer’s workstation
  • Threat Detection: TYREX’s advanced analysis engine would have detected the hidden malicious payload, even if disguised within legitimate CAD files
  • Zero-Day Protection: Even with a zero-day exploit, TYREX’s behavioral analysis would have flagged suspicious file structures and execution patterns
  • Quarantine & Alert: The infected drive would have been quarantined immediately, with real-time alerts sent to Luxshare’s security team via the TYREX Management server
  • Audit Trail: Every USB device entering the facility would have been logged, creating a complete audit trail for forensic analysis
  • Exfiltration Prevention: TYREX agents deployed on protected computers would have blocked the malware’s attempts to use USB drives for data exfiltration

The Cost Comparison:

Without TYREX:

  • Ransomware payment: estimated millions
  • Production downtime: tens of millions
  • Forensic investigation: hundreds of thousands
  • Potential Apple contract penalties: millions
  • Reputational damage: Incalculable
  • Total estimated cost: $50 million+

With TYREX:

  • TYREX Stations for high-security areas…
  • TYREX Management server (on-premises)…
  • Annual Support, Maintenance and Updates…
  • Total investment: a single-digit percentage (generally a couple of points) of the total damage!

The Bottom Line:

The Luxshare breach proves that even Apple’s most trusted manufacturing partners, with enterprise-grade cybersecurity infrastructure, remain vulnerable if they don’t secure their physical attack vectors. In precision manufacturing environments handling multi-billion-dollar intellectual property, every unscanned USB drive is a potential breach waiting to happen.

You can have the most sophisticated network security in the world – but if someone can walk through your front door with a compromised USB drive, all those defenses become irrelevant.

The question for manufacturing executives isn’t “Can we afford USB security?”

It’s “Can we afford NOT to have it?”

Sources: Based on the January 2026 Luxshare Precision ransomware attack disclosure, which exposed proprietary Apple iPhone and iPad manufacturing data following a mid-December 2025 intrusion.

Powered by Tyrex USA

Our Mission is to protect organizations worldwide from the rapidly evolving cyber threats from USB drives and other removable media.

Sign up for the TYREX newsletter for expert analysis and guidance from TYREX USB security experts Gerard Varjacques and Christophe Bourel.