Threats due to removable media on the raise finds Honeywell

In a report released today by Honeywell based on cybersecurity threat data collected from hundreds of industrial facilities globally, the severity of threats detected to operational technology (OT) systems has risen by significant amounts over a 12-month period.

The findings from the latest Honeywell Industrial USB Threat Report show that the total amount of threats posed by USB removable media to industrial process control networks remains consistently high, with 45% of locations detecting at least one inbound threat. Over the same time period, the number of threats specifically targeting OT systems nearly doubled from 16 to 28%, while the number of threats capable of causing a loss of view or other major disruption to OT systems more than doubled, from 26 to 59%.

The report shows that 1 in 5 of all threats was designed specifically to leverage USB removable media as an attack vector, and more than half the threats were designed to open backdoors, establish persistent remote access or download additional malicious payloads. These findings are indicative of more coordinated attacks, likely attempting to target air-gapped systems used in most industrial control environments and critical infrastructure.

The Honeywell Industrial USB Threat Report examines data collected from Honeywell’s Secure Media Exchange (SMX) technology, which is designed to scan and control removable media, including USB drives. As the second most prevalent attack vector into industrial control and automation systems, USB devices play an important role in attacks that target OT systems. In recent years, such attacks have included Disttrack, Duqu, Ekans, Flame, Havex, Industroyer, USBCulprit and others.

To reduce the risk of USB-related threats, Honeywell recommends that organizations implement a blend of OT cybersecurity software products and services such as Honeywell’s Secure Media Exchange (SMX), the Honeywell Forge Cybersecurity Suite, people training and process changes.