Honeywell’s 2021 Cybersecurity Report Highlights Dangers of USB Threats for Industrial Control Systems

July 10, 2021 by Alessandro Mascellino

Automation giant Honeywell has recently released a cybersecurity report highlighting a substantial increase in USB-related cyberattacks during the last year.

According to the cybersecurity report data, many of these threats could critically impact operational technology (OT) environments.


Honeywell Industrial Cybersecurity USB Threat Report 2021

The report’s cover image. Image used courtesy of Honeywell


The report comes at a time of increased USB and network usage spurred by remote work trends, which increased considerably during the pandemic.


The Industrial Cybersecurity USB Threat Report 2021

The latest cybersecurity-centered report is based on aggregated and anonymized data gathered from hundreds of industrial facilities globally over the past 12 months via the Honeywell Secure Media Exchange (SMX) platform designed to counter USB-related threats.

The new figures show a considerable 37% of threats that were specifically designed to utilize removable media. Compared to the 19% in the 2020 report, this marks an increase of 18%. When considering that the 2020 edition already noticed a substantial increase compared to 2019, a clear trend appears to be emerging.

In addition, the 2021 edition of the report indicated that 79% of all cyber threats originating from USB devices or removable media could lead to critical business disruption in OT environments. In particular, 30% of all USB-based threats were designed solely for industrial use or associated with industrial cyber-attack campaigns, while 34% had characteristics associated with early-stage attacks.

A modest 9% had the sole purpose of installing additional payloads, and over 50% were designed to establish a permanent backdoor or remote access.

According to the new data, a 30% increase was also noticed in using USB devices in manufacturing facilities last year, showcasing the industry’s growing reliance on the technology.


USB Threats to Industrial Control Systems

From a technical standpoint, many modern industrial and OT systems are air-gapped or otherwise cut off from the internet to protect them from attacks. Because of this, many malicious actors are resorting to physical attack vectors, like removable devices, to deploy malware and ransomware within industrial control systems (ICSs). 


USB threats for ICS

An infographic describing how potential USB threats can successfully be countered using SMX. Image used courtesy of Honeywell


Once installed via USB devices, backdoors can then be used to establish remote access and effectively control a system. For context, ransomware attacks targeting control systems and OT assets have increased considerably in the past year, with many companies reporting losses or disruption to operations.

To counter the phenomenon, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently released new guidelines for preventing, mitigating, and responding to ransomware attacks.

With the release of the latest Threat Report, Honeywell intends to bring attention to those attacks specifically introduced by the increasing number of USB devices deployed in industrial scenarios. Honeywell believes organizations must adopt formal programs addressing removable media to protect them against intrusions or potentially costly downtime.

The program includes deploying early threat detection (ETD) systems, establishing a clear USB security policy, and consistent attempts to re-examine existing controls and re-evaluate patch cycles to close the mean time to remediation (MTTR).

For more information about the Honeywell Industrial Cybersecurity USB Threat Report 2021, you can request a free copy.