The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period.
Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, oil and gas, pulp and paper, water and wastewater, and building automation are heavily relying on USB devices. The reason is simple – process control and critical networks are typically well-isolated, with strong physical and logical access controls in place.
It is, therefore, no surprise that removable media remains one of the top vectors for cybersecurity threats. Since the established access controls make network penetration and intrusion more difficult, adversaries are targeting the “low hanging fruit” of required file transfers between industrial automation and control systems.
Overall, we are witnessing an increase in attacks targeting Operational Technology (OT). But, at the same time, we can see an increased awareness of the consequences of such attacks due to broad news coverage of Industroyer, TRITON, Havex, Ekans, USBCulprit, and more. USB devices continue to play an important role in these types of targeted attacks, since they are the second most prevalent attack vector into industrial control and automation systems behind network-based threats.