The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period.Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, oil and gas, pulp and paper, water and wastewater, and building automation are heavily relying on USB devices. The reason is simple – process control and critical networks are typically well-isolated, with strong physical and logical access controls in place.It is, therefore, no surprise that removable media remains one of the top vectors for cybersecurity threats. Since the established access controls make network penetration and intrusion more difficult, adversaries are targeting the “low hanging fruit” of required file transfers between industrial automation and control systems.Overall, we are witnessing an increase in attacks targeting Operational Technology (OT). But, at the same time, we can see an increased awareness of the consequences of such attacks due to broad news coverage of Industroyer, TRITON, Havex, Ekans, USBCulprit, and more. USB devices continue to play an important role in these types of targeted attacks, since they are the second most prevalent attack vector into industrial control and automation systems behind network-based threats.Report findingsTo compile the report, researchers from Honeywell’s Industrial Cybersecurity Global Analysis, Research, and Defense (GARD) team analyzed USB usage and behavioral data collected from production sites.According to the report findings, 45% of production sites have blocked at least one threat. This reaffirms that USB remains a significant vector for OT threats. It is almost inevitable that, over time, some threat will find its way onto USB removable media.Despite th ..
Support the originator by clicking the read the rest link below.
