Significant increase in USB threats that can cause costly business disruptions

According to a report by Honeywell, USB-based threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew.

Data from the 2021 Honeywell Industrial USB Threat Report indicates that 37% of threats were specifically designed to utilize removable media, which almost doubled from 19% in the 2020 report. The research highlights that 79% of cyber threats originating from USB devices or removable media could lead to a critical business disruption in the operational technology (OT) environment. At the same time, there was a 30% increase in the use of USB devices in production facilities last year, highlighting the growing dependence on removeable media.

The report was based on cybersecurity threat data collected and analyzed from hundreds of industrial facilities globally during a 12-month period. Along with USB attacks, research shows a growing number of cyber threats including remote access, Trojans and content-based malware have the potential to cause severe disruption to industrial infrastructure.

“USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by organized and targeted attacks, including ransomware,” said Eric Knapp, director of Cybersecurity Research and engineering fellow, Honeywell Connected Enterprise, Cybersecurity. “Because USB-borne cyber intrusions have become so effective, organizations must adopt a formal remove media security program to protect against intrusions and avoid potentially costly downtime.”

Many industrial and OT systems are air-gapped or cut off from the internet to protect them from attacks. Intruders are using removeable media and USB devices as an initial attack vector to penetrate networks and open them up to major attacks. Knapp says sophisticated multi-functional malware can directly impact target systems, download stage-two payloads or open backdoors to establish direct remote access, along with command and control.

The 2021 report analyzes data from Honeywell's Secure Media Exchange (SMX) technology, which is designed to scan and control USB drives and removable media. To reduce the risk of USB-related threats, Honeywell recommends that organizations combat these threats with several layers of OT cybersecurity software products and services.

To read the full report, visit https://www.honeywell.com/us/en

Situational awareness should be at the forefront of your security program. It can mean the difference between life and death in a workplace emergency.

Security’s digital transformation is now entering stage 5. Complex security technologies are connected to HR systems, global security operations centers, and other building technologies in a world where employees now work in two places: home and the corporate office.