The report comes as many companies, including IBM, have banned the use of portable storage devices like USB sticks owing to security risks.
In an advisory to employees in May 2018, for example, IBM’s global CISO Shamla Naidoo said the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).”
Such steps come as both penetration testers and black hats rapidly leaped on techniques revealed as a result of Edward Snowden’s 2013 leak of the National Security Agency’s so-called “ANT Catalogue”.
This revealed the NSA’s use of covert USB-based channels that can support software modification, along with data infiltration and exfiltration, and heightened enterprise awareness of the risks of USB use.
“The data showed much more serious threats than we expected, and taken together, the results indicate that a number of these threats were targeted and intentional,” said Eric Knapp, director of strategic innovation, Honeywell Industrial Cyber Security.
He added: “This research confirms what we have suspected for years – USB threats are real for industrial operators. What is surprising is the scope and severity of the threats.”
The report examined data collected from Honeywell’s Secure Media Exchange (SMX) technology, which is designed to scan and control removable media.
Among the threats detected (55 percent of which were Trojans) were high-profile, well-known issues such as TRITON and Mirai, as well as variants of Stuxnet, an attack type previously leveraged by nation-states to disrupt industrial operations.
Of the malware discovered, nine percent was designed to directly exploit USB protocol or interface weaknesses, making USB delivery even more effective — especially on older or poorly configured computers that are more susceptible to USB exploits.
Some went further, attacking the USB interface itself: two percent were associated with common Human Interface Device (HID) attacks, which trick the USB host controller into thinking there is a keyboard attached, allowing the malware to type commands and manipulate applications.
In comparative tests, up to 11 percent of the threats discovered were not reliably detected by more traditional anti-malware technology, Honeywell claimed.
This article is from the CBROnline archive: some formatting and images may not be present.