USB-borne malware can infect your industrial equipment unless you take proper precautions, Honeywell says.
Industrial organizations face security risks not only on their networks, but also in their factories and facilities. A successful cyber attack can compromise hardware and software used for critical operations. While most attacks are carried out over a network or individual computer, some are carried out over storage devices. A report published Tuesday by Honeywell looks at how malware on USB devices can threaten industrial facilities.
In its 2022 Industrial Cybersecurity USB Threat Report, Honeywell noted that USB storage drives can be used to transport files to or from industrial facilities. The same drives are used to infect systems with malware or to compromise sensitive information. Since the first such report was published four years ago, the threats facing operational technology (OT) have become more widespread and dangerous.
USB-based threats are on the rise
To prepare the report, Honeywell’s Cybersecurity Global Analysis, Research and Defense team analyzed USB-based threats detected and blocked by the security engine. The examined devices were actively used in industrial installations. Since the results were limited to blocked malware, there were likely additional threats that were not detected or recorded by the report.
Of all the security threats Honeywell has seen, 32% were specific to industrial installations. Threats designed to propagate over USB devices or to misuse USB drives to install malware rose to 52% this year from 37% the year before.
Threats targeting remote access to the compromised system accounted for 51%. At the same time, the share of high-impact security threats that can lead to loss of control or loss of view in an industrial device has risen to 81% from 79% of all visible threats.
This year’s results are an improvement over previous years, when some threats doubled in activity. This year’s more moderate increases are a sign that the level of threats against this sector has reached a plateau; however, they remain at an extremely high level.
“USB malware is clearly being used as part of larger cyber-attack campaigns against industrial targets,” Honeywell said in the report. “Adaptations have been made to leverage the ability of removable USB media to bypass network defenses and bypass the air gaps on which many of these facilities depend for protection.
“Continued dedication is needed to defend against the growing USB threat, and strong USB security controls are highly recommended.”
Honeywell’s Advice for Protection Against USB-Based Malware
For industrial organizations looking to protect their facilities and business technology from USB compromise, Honeywell offers the following recommendations.
Establish a clear USB security policy
Removable USB media can be easily used as a first method of attack in industrial control and operational technology environments. Therefore, establish and enforce policies to better protect USB media and peripherals.
Reduce the time it takes to remediate a threat
New types of threat variants are emerging more quickly, especially the use of USB devices to attack individuals. To combat these threats, examine existing security controls and patch cycles to reduce the time it takes to eliminate a threat. Also look at any remote checks used to detect threats in real time.
Secure your files, documents and other digital content
Be sure to inspect primary routes to and between industrial facilities, including removable media and network connections. The goal is to improve the ability to prevent the introduction and spread of content-based malware.
Manage outbound network connectivity from process control networks
This type of access must be strictly controlled and enforced by network switches, routers, and firewalls. Security threats crossing the air gap via USB can sneak into industrial systems, set up backdoors to install additional payloads, and create remote command-and-control processes.
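One way to check that outbound control is actually enforced, as an added example that is not from Honeywell's report: the script below audits firewall flow records for traffic leaving a process control network (PCN) against a default-deny allow-list. The subnet, the allow-list entries, the log format and the sample records are all constructed assumptions for illustration.

```python
import ipaddress

# Assumed addressing (hypothetical): the process control network subnet.
PCN_NET = ipaddress.ip_network("10.20.0.0/24")

# Hypothetical allow-list of approved outbound flows: (destination, proto, port).
ALLOWED_EGRESS = [
    (ipaddress.ip_network("10.50.1.10/32"), "tcp", 443),  # historian replica in DMZ
    (ipaddress.ip_network("10.50.1.20/32"), "udp", 123),  # time server
]

# Constructed sample records, one per line: "src dst proto dport action".
SAMPLE_FLOWS = """\
10.20.0.15 10.50.1.10 tcp 443 allow
10.20.0.15 10.50.1.20 udp 123 allow
10.20.0.31 203.0.113.7 tcp 443 allow
10.20.0.31 203.0.113.7 tcp 8443 deny
10.30.0.5 198.51.100.9 tcp 80 allow
10.20.0.44 10.20.0.15 tcp 502 allow
"""

def is_approved(dst, proto, port):
    """True if the destination/protocol/port triple is on the allow-list."""
    return any(dst in net and proto == p and port == q
               for net, p, q in ALLOWED_EGRESS)

def audit_egress(flow_text):
    """Return findings for PCN-originated flows that leave the PCN unapproved."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        src = ipaddress.ip_address(fields[0])
        dst = ipaddress.ip_address(fields[1])
        proto, port, action = fields[2], int(fields[3]), fields[4]
        if src not in PCN_NET or dst in PCN_NET:
            continue  # not PCN-originated, or traffic stays inside the PCN
        if is_approved(dst, proto, port):
            continue
        # "allow" means the firewall rule set is too loose; "deny" means a
        # PCN host tried to reach out and should be investigated.
        severity = "policy-gap" if action == "allow" else "blocked-attempt"
        findings.append((severity, str(src), str(dst), proto, port))
    return findings

if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_FLOWS):
        print(finding)
```

Both finding types matter: a permitted but unapproved flow points to a firewall rule that needs tightening, while a denied one points to a host inside the PCN that is attempting outbound contact.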
Keep your security up to date
Be sure to regularly update antivirus and security software used in process control facilities. But beyond the traditional defense against malware, a more layered approach to threat detection with threat intelligence that includes operational technology is highly recommended.
Patch and harden all end nodes
Security threats can establish persistence and covert remote access to air-gapped end nodes and other systems. Therefore, be sure to patch and protect the end nodes in your industrial facilities. By strengthening your operational technology systems, you also reduce the time it takes to mitigate a threat.