More than half of OT cyber threats used USB drives, report finds
Researchers found that malware on USB devices is at a “dangerously high level,” threatening industrial and operational networks.
Fifty-two percent of cyber threats to operational technology last year were designed to use USB drives, a jump of 15 percentage points compared to 2020, according to a report from digital services company Honeywell Forge.
Threats exploiting USBs for initial infection or capable of propagating over the removable drives rose from 19% in 2019 to just over 37% in 2020, to 52% in 2021, the report stated.
The growing threat indicates that malware from those storage devices remains a “serious concern” to the air-gapped networks found in many industrial environments. Researchers said that bad actors are attempting to use USB devices as an initial point of attack, then leveraging them to infect and control networks and machines.
Mike Spear, global operations senior director, Honeywell Connected Enterprise Cyber Security, said the threats are especially severe from USB devices as they are handled by contractors and other vendors, have few cybersecurity controls and may rely on older technologies.
Those devices can be plugged into systems that control critical infrastructure or other government and industry networks to exploit weaknesses. They are now being pressed into service again after the coronavirus pandemic forced most operations to go remote.
The report recommended that organizations have a “clear USB security policy” that places better controls over the devices’ use and that cybersecurity professionals place additional scrutiny on the files and documents they receive from USB devices. Security software should be constantly updated in the face of evolving threats.
“Adaptations have occurred to take advantage of leveraging the ability of USB removable media to circumvent network defenses and bypass the air gaps upon which many of these facilities depend for protection,” the report read.
Spear said USB devices are likely to still be prevalent across industry and government for at least the next five years. While many sectors are looking to transition their systems to the cloud, he warned that will not solve every cybersecurity issue.
“We try to restrict access from the outside world, and so all you've done is trade one problem for another,” Spear said, referring to transitioning to the cloud away from USBs. “To me, the focus is, let's accept the fact that for the near future, [USBs are] going to be there, so let's secure them and make sure we can use them securely within the environment.”