USB sticks
The danger is real
There are frequent warnings about the dangers of careless use of USB sticks in companies. A study now clearly demonstrates this danger and warns of the extent of the threats.
Honeywell's analysis focuses exclusively on USB security in industrial control environments, which it claims is the first of its kind. It highlights that removable USB media such as flash drives pose a significant - and targeted - threat to cyber security. The data on which the 'Honeywell Industrial USB Threat Report' is based comes from 50 customer sites.
In 44% of the companies surveyed, at least one file that would have caused a security problem was detected and averted on the USB sticks used. 26% of the threats detected had the potential to cause significant disruption, where operators would no longer have been able to visualize the process and manage their operations. Around 1/6 of the attacks were directly targeted at industrial control systems or Internet of Things (IoT) devices.
"The data shows significantly stronger threats than previously assumed. Overall, the results show that many of these attacks were targeted and intentional," said Eric Knapp, Director of Strategic Innovation, Honeywell Industrial Cyber Security. "This research confirms what we have suspected for many years - USBs are a real threat to industrial organizations. What's most surprising is the scope and scale of the threats, many of which can lead to serious and dangerous situations in plants with industrial processes."
The threats in detail
The data analyzed was captured by Honeywell's Secure Media Exchange (SMX) technology, which is specifically designed to scan and encrypt removable media, including USB drives. Threats detected included sophisticated and long-known types such as Triton and Mirai, as well as variants of Stuxnet, a type of attack originally used by nation states to disrupt industrial operations. Comparative tests showed that up to 11% of the threats detected would not have been reliably detected by traditional protection technologies. "This data underscores the need for advanced systems to detect such threats," said Knapp. The Honeywell Industrial USB Threat Report recommends a combination of employee training, process adjustments and technical solutions to reduce the risk of exposure to USBs in industrial facilities.
You might also be interested in
Federal government establishes agency for cyber security
The Cybersecurity Agency will primarily focus on promoting research projects to protect citizens and infrastructure and will begin its work next year.
read more...Cyber security / SSL certificates
Chrome warns of http websites
Website operators who still maintain an http site may be surprised these days that suddenly far fewer visitors are finding their way to them. One reason could be the final phase of Google's ambitious plan to make the internet more secure.
read more...What is behind it?
In the event of cyber incidents, special insurance policies cover both personal damage and third-party claims. Oliver Delvos, Team Leader Cyber Insurance at AIG for the DACH region, explains how this works and why companies should look into it now.
read more...Private devices as a security risk
In most companies, far more devices connect to the network every day than there are employees, including many personal smartphones, fitness trackers and digital assistants. For cyber criminals, this shadow IT is an attractive gateway into the...
read more...One third of industrial companies with a security incident
According to a recent Kaspersky study, which surveyed 320 cybersecurity managers responsible for industrial control systems worldwide in April/May 2018, 31% of companies had experienced at least one cybersecurity incident in the past year.
read more...No accidental changes to files
CodeMeter 6.80 from Wibu-Systems supports Universal Write Filter (UWF), a Windows option from Microsoft that prevents accidental changes to files, which is particularly important for embedded systems.
read more...Security through network segments
The Microwall Gigabit from Wiesemann & Theis is the first in a series of easy-to-use security products for industry and manufacturing.
read more...Mushroom is the victim of a targeted hacker attack
The automation technology provider Pilz from Ostfildern was the victim of a targeted cyber attack on Sunday, October 13. All server and PC workstations worldwide, including the company's communication network, were affected.
read more...Four out of ten ICS computers are under threat
Kaspersky's latest report on cyber threats for the first half of 2019 shows that 41.2% of ICS (Industrial Control System) computers were exposed to an attack. The energy sector is most frequently affected - including by generic malware.
read more...