Outbreaks of malware such as TRITON, Mirai, and Stuxnet have warned us that the threat is much more severe than we expected. The interconnected industrial company Honeywell found in its scans of 50 industrial sites that nearly half (44%) of USB devices have files containing malware.
The identified threats (of which 55% are Trojans) targeted a range of industrial sites, including refineries, chemical plants, and pulp and paper manufacturing plants.
According to Honeywell, about 26% of the threats detected can “cause operators to lose visibility or control over their operations, resulting in serious service/operational disruptions”. This is reportedly the first commercial research report to focus on USB security in industrial control environments.
At the time of the report’s release, many companies, including IBM, explicitly banned the use of portable storage devices such as USB flash drives because of security risks. For example, in a consulting report released in May 2018, IBM’s global chief information officer Shamla Naidoo said that the company is further deepening the “prohibition of the practice of transmitting data on all removable portable storage devices (such as USB, SD card, flash drive, etc.)”.
As more and more penetration testers and black hat attackers accelerate their use of NSA technology leaked by Edward Snowden, measures such as disabling USB and other devices are beginning to follow. According to Snowden’s leaked information, the NSA can invade computers that are not connected to the network through a private technology. This technology has been in use since at least 2008 and relies on a radio wave covert channel. The radio waves are transmitted through a small circuit board and a USB card that are secretly inserted in the computer.
This shows that the NSA uses hidden USB-based channels to perform software modification, data infiltration, and exfiltration operations, and it has also increased companies’ awareness of the risks of USB usage.
According to Honeywell, the data shows a more serious threat than we expected, and the results show that some of these threats are targeted and deliberate. Also, this study confirms a problem we have been sceptical about for years – that the USB threat is real for industrial operators. What is surprising is that I did not expect the scope and severity of the risk to reach such a level.
The data reviewed in this report reportedly comes mainly from Honeywell’s Secure Media Exchange (SMX) smart gateway technology. SMX is a media scanning solution that thoroughly scans a USB drive for malware and viruses before the drive is connected to the network. The SMX software is automatically updated as threats change, providing continuous technical support and database updates over the life of the system.
Among the detected threats (of which 55% are Trojans), there are many well-known ones, such as TRITON and Mirai, and variants of Stuxnet, a type of attack used by nation-states to destroy industrial operations.
Of the malware found, 9% was designed to exploit USB protocol or interface vulnerabilities directly, making delivery over USB more effective, especially on older or poorly configured computers that are more susceptible to USB attacks.
Some malware is more advanced and attacks the USB interface itself: 2% is related to common Human Interface Device (HID) attacks, which cause the USB host controller to mistakenly believe that a keyboard is connected, allowing the malware to type commands and manipulate applications.
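The HID case above can be checked for at the descriptor level before a drive is trusted. The following is an added example, not code from Honeywell's report or from SMX: it walks a USB configuration descriptor and flags a device that was handed over as storage but also declares a boot-keyboard interface. The descriptor bytes and the `assess` verdict names are constructed for illustration.

```python
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04        # standard USB descriptor types
CLASS_HID, CLASS_STORAGE = 0x03, 0x08       # USB-IF interface class codes
BOOT_KEYBOARD = (CLASS_HID, 0x01, 0x01)     # class, boot subclass, keyboard protocol

def parse_interfaces(blob):
    """Return a (class, subclass, protocol) tuple for each interface descriptor."""
    if len(blob) < 9 or blob[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]        # wTotalLength
    if total > len(blob):
        raise ValueError("descriptor set is truncated")
    found, off = [], 0
    while off + 2 <= total:
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > total:          # never trust bLength
            raise ValueError(f"bad bLength at offset {off}")
        if dtype == DT_INTERFACE and length >= 9:
            found.append(tuple(blob[off + 5:off + 8]))
        off += length
    return found

def assess(blob):
    """Verdict for a device that was handed over as plain removable storage."""
    ifaces = parse_interfaces(blob)
    if BOOT_KEYBOARD in ifaces:
        return "block"      # a "flash drive" that can also type
    if any(cls == CLASS_HID for cls, _, _ in ifaces):
        return "review"     # non-boot HID: the report descriptor decides what it is
    if ifaces and all(cls == CLASS_STORAGE for cls, _, _ in ifaces):
        return "allow"
    return "review"         # anything else is not what was declared

# Constructed sample descriptors (not captured from any real device).
STORAGE_IF = "090400000208065000" "07058102000200" "07050202000200"
KEYBOARD_IF = "090401000103010100" "092111010001223f00" "0705830308000a"
PLAIN_DRIVE = bytes.fromhex("090220000101008032" + STORAGE_IF)
DRIVE_WITH_KEYBOARD = bytes.fromhex("090239000201008032" + STORAGE_IF + KEYBOARD_IF)

if __name__ == "__main__":
    for name, blob in [("plain drive", PLAIN_DRIVE), ("drive + keyboard", DRIVE_WITH_KEYBOARD)]:
        print(name, parse_interfaces(blob), assess(blob))
```

A descriptor check of this kind only sees what the device declares at enumeration, so it complements file scanning rather than replacing it.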
Finally, Honeywell said that, according to comparative tests, up to 11% of the threats it detected were not detected by more traditional anti-malware technologies.