This post is also available in: heעברית (Hebrew)

USB drives are the cyber threat vector no one talks about. Industrial control systems (ICS) and operational technology (OT) environments face cyber threats from malicious USB devices capable of circumventing the air gap to disrupt operations from within. 79% of USB drive attacks can potentially disrupt the operational technologies that power industrial processing plants, according to Honeywell’s Industrial Cybersecurity USB Threat Report 2021.

Ransomware attackers rely on USBs to deliver malware, jumping the air gap that all industrial distribution, manufacturing, and utilities rely on as their first line of defense against cyberattacks. 

The study finds the incidence of malware-based USB attacks is one of the fastest-growing and most undetectable threat vectors that process-based industries such as public utilities face today. 

Industrial Control Systems are among the most porous and least secure enterprises systems, a fact that makes them a prime target for ransomware.

USB-based threats rose from 19% of all ICS cyberattacks in 2019 to just over 37% in 2020, the second consecutive year of significant growth, according to the report.

Ransomware attackers prioritize USBs as the primary attack vector and delivery mechanism for processing manufacturing and Utility targets. 

AI and machine learning (ML) technologies can help create and fine-tune continuously learning anomaly detection rules and analytics of events, so they can identify and respond to incidents and avert attacks. ML is also used to identify a true incident from false alarms, according to venturebeat.com.

The report was based on aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period. Along with USB attacks, research shows a growing number of cyber threats including remote access, Trojans and content-based malware have the potential to cause severe disruption to industrial infrastructure.