(Bloomberg) -- Hackers are increasingly targetingindustrial facilities, from oil refineries to nuclear power plants,with sophisticated attacks aimed at capturing data and remotelycontrolling the sites, according to a Honeywell International Inc. executive.

Honeywell has seen evidence of threats from nation-states and"sponsored attackers" backed by nations in two-thirds of the 30industrial sectors the company tracks at its Duluth, Georgia-basedcyber research lab, according to Eric Knapp, chief cyber securityengineer at Honeywell Process Solutions. The unit provides cybersecurity for more than 400 industrial sites worldwide, includingoil and gas producers, chemical and power plants, natural gasprocessors, and mining and water treatment facilities.

"We’ve seen that there’s definitely increasing exposure to whatwe call high-capability threat actors," Knapp said in a phoneinterview. "Nation-state and sponsored attackers are definitely outthere, and they’re definitely focusing on these industries."

Ukraine attack

Knapp wouldn’t name specific countries but said that the advancedhacking methods being detected are typically associated withnations or groups they sponsor. A U.S. indictment unsealed in Marchaccused a hacker based in Iran of gaining remote access to acomputer controlling a dam in Rye, NewYork, for about three weeks beginning in 2013, whilesix other Iranians attacked U.S. banks and companies includingthe New York Stock Exchange, Nasdaq, Bank of America Corp.,JPMorgan Chase & Co. and AT&T Inc. Iran rejected theaccusations.

In December, hackers in Ukraine showed the potential for anonline attack to inflict real-world damage by disrupting power totens of thousands of people. Destructive malware knocked out atleast 30 of the country’s 135 power substations for about sixhours.

Honeywell’s Knapp said hackers typically seek data or log-indetails that give them access to industrial-control systems at thefacilities, letting them digitally manipulate the operations fromafar.

"We’ve seen administrative credentials for sale. We’ve seenspecific access to specific industrial facilities for sale" online,Knapp said. "If I were to peruse the black market and I didn’t haveany scruples, I could say, ‘I want to access this facility,’ and Ican purchase the access to that, which is scary."

Attackers craft malware

One-third of malware Honeywell has detected at industrialfacilities entered the control system’s network through infectedUSB drives plugged in by users.

Companies have built stronger networks around their controlsystems, making direct access more difficult for hackers. Instead,attackers craft malware to hit a company’s more vulnerablecorporate system and then infect any removable USB drives attachedto that network. The control system’s network, housed separately,is breached when a worker plugs the infected USB drive into it.

Related: 5 essentials of a Cyber liability insurancepolicy

"There’s still a need for information to flow between thebusiness and the control system," Knapp said. "The bad guys knowthat they need to go in that way so they’re designing their attacksto take advantage of that."

Other challenges include costly measures needed to updateindustrial control systems to respond to current cyber threats.Some facilities are also using control systems that are three tofour decades old, Knapp said.

"There’s just an inherent challenge in protecting thesesystems," he said. "In a lot of cases, because of the age ofsystems they predate cybersecurity."

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.