Honeywell: How USBs are Threatening Industrials

Feb 13, 2019

By Honeywell

Removable USB media devices such as flash drives are commonplace and convenient when it comes to sharing information – those tiny flash drives can hold a lot of data.

And, it turns out, a lot of malicious threats.

At industrials, USBs are often used by employees and contractors visiting sites to share and transfer files and update patches.

Our new research shows that they also pose a significant cybersecurity threat to industrial networks. While monitoring 50 industrial plants in the energy, oil and gas, chemical and paper and pulp industries across the world for cybersecurity threats through our new Secure Media Exchange (SMX) solution, we caught Stuxnet, Mirai and WannaCry lurking in the USB drives.

Here’s a sample of the findings:

44% detected and blocked at least one security issue
This confirms that USBs remain a significant vector for industrial threats. It has become easy for hackers to spread malware, ransomware attacks, steal confidential data and bring down production sites through USBs.

26% of those threats were major 

These weren’t just blips – they could lead to significant disruption by causing operators to lose visibility or control of their operations.

15% of threats were high-profile and well-known

Odds are you’ve heard of these worms and viruses, including Stuxnet (2 percent), Mirai (6 percent), Triton (2 percent) and WannaCry (1 percent). They’ve existed for a long time and they were attempting to enter industrial facilities via removable storage devices in high density.

9% were designed to exploit USBs

Most of the malware detected were Trojans (55 percent), followed by bots (11 percent) and hacktools (6 percent).
And 9 percent were designed to directly exploit USB protocol and interface weaknesses, making them especially effective.

Read the full report here.