Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives
Removal storage and USB thumb drives are a serious security incident waiting to happen, new research suggests.
When we consider threats to our industrial systems, specifically crafted malware, such as the Industroyer strainwhich cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind.
Industrial players have a problem. Many of the operating systems, controls, and equipment used to power these facilities have legacy components which were never designed for over-the-air (OTA) updates or cybersecurity at all — and due to memory, size, and hardware limitations may not be suitable for direct protection.
A way to mitigate these risks is to implement strong perimeter defense, but if a USB key is directly connected to an industrial system, these protections can easily be circumvented.
On Thursday, industrial and engineering conglomerate Honeywell released a new reportexploring the potential risks USB drives possess and found current protective practices wanting.
According to the firm, USB drives pose a “significant and intentional” cybersecurity threat to industrial systems and could be weaponized to disrupt organizations and potentially go so far as to interrupt core services, such as those offered by water and energy utilities. ..Read More..