View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 8, 2018

Honeywell Research Reveals USB Malware Risk for 44% of Industrial Facilities

TRITON, Mirai, Stuxnet all identified: "The data showed much more serious threats than we expected"

By CBR Staff Writer

Research by industrial conglomerate Honeywell has found that nearly half (44 percent) of USB devices scanned across 50 industrial sites held files containing malware.

The threats identified (55 percent of which were trojans) targeted a range of industrial sites, including refineries, chemical plants and pulp-and-paper manufacturers.

Some 26 percent of the detected threats were capable of “significant disruption by causing operators to lose visibility or control of their operations”, Honeywell said.

The research marks the first commercial report to focus exclusively on USB security in industrial control environments.

USB malware riskUSB Malware Risk: Many Companies Ban Use

The report comes as many companies, including IBM, have banned the use of portable storage devises like USB sticks owing to security risks.

In an advisory to employees in May 2018, for example, IBM’s global CISO Shamla Naidoo said the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).”

Such steps come as both penetration testers and black hats rapidly leaped on techniques revealed as a result of Edward Snowden’s 2013 leak of the National Security Agency’s so-called “ANT Catalogue“.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

This revealed the NSA’s use of covert USB-based channels that can support software modification, along with data infiltration and exfiltration, and heightened enterprise awareness of the risks of USB use.

USB malware risk honeywell“More Serious Threats than we Expected”

“The data showed much more serious threats than we expected, and taken together, the results indicate that a number of these threats were targeted and intentional,” said Eric Knapp, director of strategic innovation, Honeywell Industrial Cyber Security.

He added: “This research confirms what we have suspected for years – USB threats are real for industrial operators. What is surprising is the scope and severity of the threats.”

The report examined data collected from Honeywell’s Secure Media Exchange (SMX) technology, which is designed to scan and control removable media.

Among the threats detected (55 percent of which were Trojans) were high-profile, well-known issues such as TRITON and Mirai, as well as variants of Stuxnet, an attack type previously leveraged by nation-states to disrupt industrial operations.

Of the malware discovered, nine percent was designed to directly exploit USB protocol or interface weaknesses, making USB delivery even more effective — especially on older or poorly configured computers that are more susceptible to USB exploits.

Some went further, attacking the USB interface itself: two percent were associated with common Human Interface Device (HID) attacks, which trick the USB host controller into thinking there is a keyboard attached, allowing the malware to type commands and manipulate applications.

In comparative tests, up to 11 percent of the threats discovered were not reliably detected by more traditional anti-malware technology, Honeywell claimed.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.