According to a Honeywell report, USB-based threats that can have a substantial impact on business operations surged significantly during a disruptive year when the use of removable media and network connectivity both expanded.
According to the Honeywell Industrial USB Threat Report for 2021, 37 percent of attacks were expressly designed to use removable media, which almost doubled up from 19 percent in the previous report. In the Operational Technology (OT) environment, 79 percent of cyber threats are from USB devices or removable media could cause a major business disruption, according to the report. At the same time, the use of USB devices in production facilities increased by 30 percent last year, demonstrating the rising reliance on removable media.
The report was based on a 12-month aggregated cybersecurity threat data from hundreds of industrial facilities throughout the world. In addition to USB attacks, the research also highlights rising array of cyber threats, such as remote access, Trojans, and content-based malware, that can have the potential to cause catastrophic disruption to industrial infrastructure.
Commenting on the report, Eric Knapp, Engineering Fellow and Director of Cybersecurity Research for Honeywell Connected Enterprise, said “USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by attackers, including those that employ ransomware,”
“Because USB-borne cyber intrusions have become so effective, organizations must adopt a formal program that addresses removable media and protects against intrusions to avoid potentially costly downtime.”
To protect themselves from threats, several Industrial and OT systems are air-gapped or disconnected from the Internet. Intruders are breaking into networks and exposing them to severe attacks by employing removable media and USB devices as an initial attack vector. Hackers are loading more complicated malware on plug-in devices, according to Knapp, in order to directly harm their intended targets through complex coding that can create backdoors for remote access. Remote access allows hackers to command and control the targeted systems.