Study finds that 79% of cyber threats originating from removable media could critically impact operational technology (OT) environments
USB-based threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew, according to Honeywell’s 2021 Industrial USB Threat Report.
The study indicates that 37% of threats were specifically designed to utilize removable media, which almost doubled from 19% in the 2020 report. The research also highlights that 79% of cyber threats originating from USB devices or removable media could lead to a critical business disruption in the operational technology (OT) environment. At the same time, there was a 30% increase in the use of USB devices in production facilities last year, highlighting the growing dependence on removable media.
The report was based on aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period. Along with USB attacks, research shows a growing number of cyber threats including remote access, Trojans and content-based malware have the potential to cause severe disruption to industrial infrastructure.
"USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by attackers, including those that employ ransomware," said Eric Knapp, engineering fellow and director of cybersecurity research for Honeywell Connected Enterprise. "Because USB-borne cyber intrusions have become so effective, organizations must adopt a formal program that addresses removable media and protects against intrusions to avoid potentially costly downtime."
Many industrial and OT systems are air-gapped or cut off from the internet to protect them from attacks. Intruders are using removable media and USB devices as an initial attack vector to penetrate networks and open them up to major attacks. Knapp says hackers are loading more advanced malware on plug-in devices to directly harm their intended targets through sophisticated coding that can create backdoors to establish remote access. Hackers with remote access can then command and control the targeted systems.
The 2021 report includes data from Honeywell's Secure Media Exchange (SMX) technology, which is designed to scan and control USB drives and removable media. To reduce the risk of USB-related threats, Honeywell recommends that organizations utilize several layers of OT cybersecurity software products and services such as Honeywell's Secure Media Exchange (SMX), the Honeywell Forge Cybersecurity Suite, people training and process changes.
Honeywell's Secure Media Exchange (SMX) provides advanced threat detection for critical infrastructure by monitoring, better protecting and logging use of removable media throughout industrial facilities. The Honeywell Forge Cybersecurity Suite can monitor for vulnerabilities such as open ports or the presence of USB security controls to strengthen endpoint and network security, while also ensuring better cybersecurity compliance.