According to a report released by Honeywell, USB-based threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew.
Data from the 2021 Honeywell Industrial USB Threat Report indicates that 37% of threats were specifically designed to utilise removable media, which almost doubled from 19% in the 2020 report. The research also highlights that 79% of cyber threats originating from USB devices or removable media could lead to critical business disruption in the operational technology (OT) environment. At the same time, there was a 30% increase in the use of USB devices in production facilities last year, highlighting the growing dependence on removable media.
The report was based on aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period. Along with USB attacks, research shows a growing number of cyber threats including remote access, Trojans and content-based malware have the potential to cause severe disruption to industrial infrastructure.
“USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by attackers, including those that employ ransomware,” said Eric Knapp, engineering fellow and director of cybersecurity research for Honeywell Connected Enterprise. “Because USB-borne cyber intrusions have become so effective, organizations must adopt a formal program that addresses removable media and protects against intrusions to avoid potentially costly downtime.”
Many industrial and OT systems are air-gapped or cut off from the internet to protect them from attacks. Intruders are using removable media and USB devices as an initial attack vector to penetrate networks and open them up to major attacks. Knapp says hackers are loading more advanced malware on plug-in devices to directly harm their intended targets through sophisticated coding that can create backdoors to establish remote access. Hackers with remote access can then command and control the targeted systems.
Read the full report here
