While the ubiquitous USB remains an integral tool to facilitate transferable computing, such removable media is the second most prevalent industrial vector vulnerability for operational technology (OT) systems, according to a Honeywell report.
The company first studied the market in 2018, and since then the number of threats capable of disrupting OT rose from 26 percent in the first report to now 59 percent, which Honeywell tagged as “staggering,” as targeted and more sophisticated malware and ransomware attacks have become prevalent in focusing on industrial control and process automation systems.
“This isn’t a case of accidental exposure to viruses through USB,” said Eric Knapp, director of cybersecurity research and engineering fellow for Honeywell Connected Enterprise, Cybersecurity. “It’s a trend of using removable media as part of more deliberate and coordinated attacks.”
Honeywell studied anonymous users within its Secure Media Exchange (SMX) over a 12-month period in industries including: oil and gas, energy, food, chemical, shipping, buildings, aerospace, manufacturing, pulp and paper, among others.
Compounding the risk presented by removable USB is the increased data storage capacity such devices possess, pointed out Honeywell. The good news is that the amount of malware discovered remains statistically small overall.
However, most commodity USB removable devices were not built to last, and older media are prone to device errors or failures that cause these same irregularities, according to the report.
Older USB devices are susceptible to errors or corruption of firmware, boot sectors and filesystems that can impact the reliability of older operating systems and even introduce new vulnerabilities – putting data and system integrity at risk.
Honeywell advises users upgrade to newer, professional-grade media USB3.0 or later. For maximum protection, the report suggests the purchase of brands that offer signed and validated firmware.
USB falls into the “low-hanging fruit” category in eyes of bad actors that realize the necessity of file transfers into and among industrial automation and control systems. “Whether downloading patches from a ‘trusted’ source, sharing documents within and between process networks, or even creating new automation programs and process files internally, file transfers remain a necessary cog in the industrial machine,” the report found, adding that the increased need to move documents, patches, control programs and other files to disconnected workstations and work groups coincided with networks becoming more sophisticated.
“It is almost inevitable that, over time, some threat will find its way onto USB removable media,” Honeywell said.
In the first USB Threat Report, 44 percent of the locations studied detected and blocked at least one malicious or suspicious file that represented a security issue. With the new report, 45 percent of locations blocked at least one threat, thus reaffirming that USB remains a significant vector for OT threats.
