Multinational conglomerate Honeywell has issued a new report on the risks of USB drives, particularly in industrial control organizations. The news is not great.
USB drives have been steadily gaining notoriety for delivering cyberattacks, especially through everyday devices in the era of the Internet of Things. The Honeywell report indicates that USB drives could be used as weapons to disrupt organizational operations and services provided by utilities. As industrial control organizations have aged, they’ve become more susceptible to cyberattacks because many were built before cybercrime was as problematic as it is today. The operating systems and controls that keep such organizations running are typically comprised of components that predated the ability to be updated wirelessly.
As a result, perimeter security has been the go-to approach to safeguard industrial control organizations. And because of that, thumb drives and other USB devices have come into favor with cybercriminals intent on infecting systems.
Honeywell found that 44 percent of USB devices at industrial facilities at locations across the US, South America, Europe, and the Middle East contained at least one file that had been compromised. Moreover, the report found that 26 percent of the threats could potentially impair operational visibility or control. Mirai,
As ZDNet writes, “In the report, the researchers document a variety of attack attempts at these facilities which intentionally utilized USB devices loaded with malware. One out of six of these attacks targeted industrial control systems or Internet of Things (IoT) devices.” Among the threats found on the devices: Mirai, WannaCry, and Stuxnet–It’s like a cyberattack hall of fame.
The most common type of malware on USB drives was found to be Trojans, capable of creating backdoors and delivering subsequent payloads through command-and-control servers.
Get the full story at ZDNet.