How removable media attacks are still affecting ICS/OT systems
Introduction
Industrial Control Systems (ICS) play a critical role in managing and controlling essential infrastructure such as power plants, water treatment facilities, manufacturing plants, and transportation networks. These systems rely on robust security measures to prevent unauthorized access, disruptions, and potential disasters. However, one often underestimated threat vector is the use of USB keys or removable media within ICS environments.
The USB Threat Landscape
USB removable media, including flash drives, external hard drives, and other storage devices, pose significant risks to ICS networks. A key finding from the Honeywell 2024 USB threat report is that, over six years, USB-borne malware has increased in sophistication, targeting and impact on process control.
What are the implications for OT Operators?
Understanding Industrial Environments:
Recent evidence shows that attackers are becoming more aware of how industrial systems work. They understand the technology used and the types of files exchanged within these environments.
Sophisticated Attacks:
Adversaries are using advanced techniques to avoid detection and persistently infiltrate systems. They combine clever strategies to exploit the inherent features of the target systems.
USB Drives as a Threat:
USB drives are intentionally used as a starting point for attacks in industrial control systems (ICS). Organizations should create clear policies for USB security and enforce technical controls to enhance safety when using USB devices.
Fast-Evolving Threats via USB:
New types of threats are emerging rapidly, especially through USB connections. These threats specifically target industrial systems. To combat this, existing security measures should be reviewed, and incident response procedures should be integrated.
Air Gap Breaches:
Attackers use USB drives to breach air-gapped industrial systems. Once inside, they create backdoors and gain remote access to install harmful software. Controlling outbound network connections is crucial.
Keeping Antivirus Software Updated:
Traditional antivirus software often misses threats in industrial environments. Regularly updating antivirus controls is essential to stay effective.
What are some effective prevention strategies?
To mitigate the risks associated with USB keys in ICS systems, organizations should adopt the following preventive measures:
Strict Access Control:
Limit physical access to USB ports on critical ICS devices. Install physical barriers (e.g., sealing, USB blocks) to prevent unauthorized use of built-in USB ports.
Endpoint Security Solutions:
Deploy data loss prevention (DLP) software that controls USB device access. For example, many endpoint control applications permit only authorized USB devices and will regularly scan USB devices for malware before they are connected to ICS systems.
Education and Policies:
Train employees and ICS operators about the risks of using USB keys. Implement clear policies regarding USB usage, including guidelines for scanning and safe handling.
Encryption and Authentication:
Encrypt data on USB keys to protect it from unauthorized access. Use strong authentication mechanisms to ensure that only authorized personnel can use USB devices.
Regular Backups:
Maintain regular backups of critical ICS system configurations and data. This reduces the impact of any potential malware infection.
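To make the "authorized USB devices only" control under Endpoint Security Solutions concrete, here is an added example (not from the original article or any vendor product) that audits USB storage device instance IDs, in the format Windows records under the USBSTOR registry key, against a site allowlist. The sample IDs, the allowlist and the function names are constructed for illustration.

```python
import re

# Constructed sample: device instance IDs in the format Windows records under
# HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR (all values are made up).
SAMPLE_IDS = [
    r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP\60A44C413A8CF2B0D9A1001F&0",
    r"USBSTOR\Disk&Ven_SanDisk&Prod_Ultra&Rev_1.00\4C530001230506117421&0",
    r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\6&2a9e1b4c&0",
    r"USBSTOR\CdRom&Ven_Unknown&Prod_Device&Rev_0001\AA00000000000489&0",
]

# Hypothetical site allowlist: (vendor, product, serial) of issued drives.
ALLOWLIST = {("kingston", "datatraveler_3.0", "60a44c413a8cf2b0d9a1001f")}

ID_RE = re.compile(
    r"^USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<ven>[^&\\]*)&Prod_(?P<prod>[^&\\]*)"
    r"&Rev_(?P<rev>[^\\]*)\\(?P<inst>.+)$", re.IGNORECASE)

def classify(instance_id, allowlist=ALLOWLIST):
    """Return authorized, unauthorized, no-unique-serial or unparsed."""
    m = ID_RE.match(instance_id)
    if not m:
        return "unparsed"
    inst = m.group("inst")
    # When a device reports no unique serial, Windows generates the instance
    # string and its second character is '&'; it cannot anchor an allowlist.
    if len(inst) > 1 and inst[1] == "&":
        return "no-unique-serial"
    serial = inst.rsplit("&", 1)[0].lower()  # drop the trailing "&0" suffix
    key = (m.group("ven").lower(), m.group("prod").lower(), serial)
    return "authorized" if key in allowlist else "unauthorized"

def audit(ids, allowlist=ALLOWLIST):
    """Map each instance ID to its verdict."""
    return {i: classify(i, allowlist) for i in ids}

if __name__ == "__main__":
    for dev, verdict in audit(SAMPLE_IDS).items():
        print(f"{verdict:17} {dev}")
```

Vendor, product and serial strings are reported by the device itself, so a match here confirms inventory rather than trustworthiness; it complements malware scanning and physical port controls rather than replacing them.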
Conclusion
Removable hardware still poses a significant risk to OT/ICS systems, and even a low-sophistication attack can provide the first step in compromising key parts of the system.
The types and scale of malware do vary, and although some may be considered low risk, this vector still provides a suitable entry point for lateral movement and further system compromise.
Anchoram Consulting provides an integrated security approach to technical controls and advisory for OT/ICS systems, and our staff possess real-world experience with Operational Technologies and associated protection strategies. For more information on how we can assist, reach out via our contact form.