Removal Storage, USB Drives Serious Security Threats: Report

Removal storage and USB thumb drives are serious security threats and could cause massive damage to industrial systems, as per a new report.

A new, first-of-its-kind research report released on November 1 by Honeywell (NYSE: HON) discusses and explores all potential security risks that USB drives possess. The research has also found that current protective practices seem to be wanting in this area of enterprise security.
A Honeywell press release dated November 01, 2018 discusses the research findings in detail. The release states, “New, first-of-its-kind research released today by Honeywell (NYSE: HON) shows that removable USB media devices such as flash drives pose a significant – and intentional – cybersecurity threat to a wide array of industrial process control networks.”

Honeywell researchers scanned and control USB devices at 50 customer locations across the U.S, Europe, South America and the Middle East, and found that almost half (44 percent) of these contained at least one file with a security issue. 26 percent of the security threats that were detected on the USB devices had the capability of causing significant disruption to industries, including losing visibility or control of their operations. The threats, which ranged in different levels of severity, targeted different industrial sites across the world, including chemical plants, refineries, pulp-and-paper manufacturers etc. The research also found that about one in six threats found on USB devices targeted industrial control systems or Internet of Things (IoT) devices.

Triton, Mirai, WannaCry and some variants of Stuxnet featured among the threats that were found in the USB devices. The Honeywell press release states, “The research marks the first commercial report to focus exclusively on USB security in industrial control environments. It examined data collected from Honeywell’s Secure Media Exchange (SMX) technology, which is specifically designed to scan and control removable media, including USB drives. Among the threats detected were high-profile, well-known issues such as TRITON and Mirai, as well as variants of Stuxnet, an attack type previously leveraged by nation-states to disrupt industrial operations. In comparative tests, up to 11 percent of the threats discovered were not reliably detected by more traditional anti-malware technology.”

The malware found on these USB drives, which included Trojans, botnets, droppers etc, were able to create backdoors, steal sensitive information and deliver malicious payload via C&C servers.

The press release quotes Eric Knapp, director of strategic innovation, Honeywell Industrial Cyber Security as saying, “The data showed much more serious threats than we expected, and taken together, the results indicate that a number of these threats were targeted and intentional. This research confirms what we have suspected for years – USB threats are real for industrial operators. What is surprising is the scope and severity of the threats, many of which can lead to serious and dangerous situations at sites that handle industrial processes.”

He adds, “Customers already know these threats exist, but many believe they aren’t the targets of these high-profile attacks. This data shows otherwise, and underscores the need for advanced systems to detect these threats.”