Dangerous malware is delivered using USB drives to Honeywell’s industrial facilities

Honeywell launched a product, named SMX, designed to protect facilities from USB-borne threats; the company also says that its product can be used to determine the risk posed by USB drives.
SMX was created after analysis of data collected from 50 companies scattered across the United States, South America, Europe, and the Middle East. The industrial systems from which the data was collected operate in the energy, oil and gas, chemical manufacturing, pulp and paper, and other sectors.

So far, in tests, Honeywell’s product has been able to block suspicious files present in 44% of the tested locations. Of all the detected malware, 26% could have caused major disruptions to industrial control systems (ICS), including loss of control or loss of view.

Researchers found that 16% of the detected malware samples were specifically designed to target ICS or IoT systems, and 15% of the samples belonged to high-profile families such as Mirai (6%), Stuxnet (2%), Triton (2%), and WannaCry (1%). More than half of the high threats were Trojans (55%), followed by bots (11%), hacking tools (6%), and potentially unwanted applications (5%). One-third of samples had RAT functionality, 12% were capable of dropping other malware onto the compromised system, and only 7% were hiding ransomware.

Remember, everything can be hacked. To stay away from threats in the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.

Looking at these findings, ICS security experts say that high-threat malware is the first concern when it comes to industrial control facilities. The second main problem is that all of these threats exist in the wild: the high-threat malware was detected in day-to-day routine traffic, not in controlled research labs or test environments. As a consequence of these threats, new techniques such as TRITON, which are used to target Safety Instrumented Systems, can inspire copycat attackers.

Nowadays it’s not uncommon for high-threat malware to reach industrial networks, and the analysis confirms this. After analyzing the samples, experts found that 9% of this malware was designed to attack the USB interface itself by directly exploiting flaws in the USB protocol or interface. Only 2% were associated with Human Interface Device (HID) attacks, which trick the USB host controller into thinking there is a keyboard attached; this confirms that HID attacks such as BadUSB are real threats to industrial companies.

We will continue to monitor industrial problems. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.