By looking at a very specific vector into industrial automation environments, we get a unique opportunity to analyze the real malware threats that industrial organizations face.
This is important because there are only a few actual vectors into OT (Operational Technology) environments: the network, limited to specific information conduits between operational and business networks; physical access by authorized users; and supply chain through which hardware and software enters a mill, plant, refinery, or other industrial automation facility.
Removable media falls into two of these categories:
physical access (thumb drives and other media
physically carried into a facility); and the supply chain.
This report focuses specifically on malware (intrusive software) found on USB storage devices used to carry files into, out of, and in between industrial facilities.
The results of the Honeywell Industrial Cybersecurity USB Threat Report are based on malware detected and blocked by technology deployed globally by Honeywell. All data is anonymous, and therefore no correlation can be made to specific organizations, industries, or geographic regions.
However, all data is derived from production OT facilities, presenting a unique glimpse at the types of malware threats facing industrial environments via USB removable media.
Note: Malicious USB devices and peripherals crafted specifically to attack computers via the USB interface,
while increasingly popular and highly effective, are not included in this report (please refer to the Honeywell USB Hardware Attack Platforms Report).