USB DRIVES COULD PRESENT SIGNIFICANT THREATS TO SECURITY

January 6, 2019


My posts are not necessarily aimed to provide public service announcements but I just could not pass this one up.  Take a look.

On November first of 2018, Honeywell released a study finding that forty-four percent (44%) of the USB drives scanned by their software at fifty (50) customer locations contained at least one unsecured file.  In twenty-six percent (26%) of those cases, the detected file was capable of causing what company officials called “a serious disruption by causing individuals to lose visibility or control of their operations”.  Honeywell began talking up its SMX (Secure Media Exchange) technology at its North American user group meeting in 2016, when removable media like flash drives were already a top pathway for attackers to gain access to a network. SMX, launched officially in 2018, is designed to manage USB security by giving users a place to plug in and check devices for approved use. The SMX Intelligence Gateway is used to analyze files in conjunction with the Advanced Threat Intelligence Exchange (ATIX), Honeywell’s threat intelligence cloud. Not only has SMX made USB use safer, but Honeywell has gained access to a significant amount of information about the methodology of attacks being attempted through these devices.

“The data showed much more serious threats than we expected,” said Eric Knapp, director of strategic innovation for Honeywell Industrial Cyber Security. “And taken together, the results indicate that a number of these threats were targeted and intentional.” Though Honeywell has long suspected the very real USB threats for industrial operators, the data confirmed a surprising scope and severity of threats, Knapp said, adding, “many of which can lead to serious and dangerous situations at sites that handle industrial processes.”

The threats targeted a range of industrial sites, including refineries, chemical plants and pulp and paper facilities around the world. About one in six of the threats specifically targeted industrial control systems (ICSs) or Internet of Things (IoT) devices. (DEFINITION OF IoT: The Internet of Things (IoT) refers to the use of intelligently connected devices and systems to leverage data gathered by embedded sensors and actuators in machines and other physical objects. In other words, the term IoT can be applied to any physical object connected to a network.)

Among the threats detected, fifteen percent (15%) were high-profile, well-known issues such as Triton, Mirai and WannaCry, as well as variants of Stuxnet. Though these threats have been known to be in the wild, what the Honeywell Industrial Cyber Security team considered worrisome was the fact that these threats were trying to get into industrial control facilities through removable storage devices in a relatively high density.

“That high-potency threats were at all prevalent on USB drives bound for industrial control facility use is the first concern. As ICS security experts are well aware, it only takes one instance of malware bypassing security defenses to rapidly execute a successful, widespread attack,” Honeywell’s report noted. “Second, the findings also confirm that such threats do exist in the wild, as the high-potency malware was detected among day-to-day routine traffic, not pure research labs or test environments. Finally, as historical trends have shown, newly emerging threat techniques such as Triton, which target safety instrumented systems, can provoke copycat attackers. Although more difficult and sophisticated to accomplish, such newer threat approaches can indicate the beginnings of a new wave of derivative or copycat attacks.”

In comparative tests, up to eleven percent (11%) of the threats discovered were not reliably detected by more traditional anti-malware technology. Although the type and behavior of the malware detected varied considerably, trojans—which can be spread very effectively through USB devices—accounted for fifty-five percent (55%) of the malicious files. Other malware types discovered included bots (eleven percent), hack-tools (six percent) and potentially unwanted applications (five percent).

“Customers already know these threats exist, but many believe they aren’t the targets of these high-profile attacks,” Knapp said. “This data shows otherwise and underscores the need for advanced systems to detect these threats.”

CONCLUSION:  Some companies and organizations have outlawed USB drives entirely for obvious reasons.  Also, there is some indication that companies, generally off-shore, have purposely embedded malware within USB drives to access information on a random level.  It becomes imperative that we take great care in choosing vendors providing USB drives and other external means of capturing data.  You can never be too safe.
