The rise in USB-borne malware requires special attention
By BUFFERZONE Team, 26/02/2023
Using USB and other removable devices to carry out sophisticated cyberattacks is not usually the first thing that comes to mind when we think of cybercriminals, often believed to be operating from remote locations in some of the world’s less civilized countries far away from their victims.
However, a new report indicates that the threat of USB-borne malware should be considered a severe concern to manufacturing and industrial facilities. The 2022 Honeywell Industrial Cybersecurity USB Threat Report suggests that this year, 52% of threats were specifically designed to utilize removable media, up from 32% in 2021 and more than double the 19% reported in the 2020 study.
The report also shows that threats designed to establish remote access capabilities remained steady at 51%, while threats capable of causing loss of control or loss of view increased to 81%, up from 79%.
Source: Honeywell Industrial Cybersecurity USB Threat Report 2022
Of the threats identified, Trojans comprised 76% of the malware detected, while malware capable of providing remote access or remote control was 51%.
“For the fourth year in a row, the threats seen attempting to enter industrial/OT environments have continued to increase in sophistication, frequency, and potential risk to operations,” Honeywell experts concluded. “USB-borne malware is being leveraged as part of larger cyberattack campaigns against industrial targets.”
As the threat is significant, organizations are advised to adopt a clear security policy and implement external controls to provide real-time detection and protection. A simple and cost-effective way to add another layer of security is BUFFERZONE’s Safe Workspace endpoint security software, which is ideal for protecting enterprises from advanced threats: it isolates external storage in a secure virtual container that prevents exploits from getting into the system.
BUFFERZONE’s unique isolation technology can be enforced on removable drives according to the license flavor.
With BUFFERZONE® Safe Removable, isolation is enforced by BUFFERZONE’s kernel driver, which creates two separate “zones”, trusted and untrusted, keeps them logically segregated, and applies isolation enforcement to the untrusted zone.
BUFFERZONE’s isolation allows users to explore untrusted files from external storage devices (AKA USB) that may contain threats. It also blocks unsigned executables, whether they are configured to autorun or depend on tricking the user into running them manually.
BUFFERZONE’s Safe Workspace ensures that when a USB memory stick is inserted into a computer, it opens inside the BUFFERZONE virtual container. From the user’s perspective, the files open normally. But behind the scenes, the files are opened in an isolated environment. If malware is present on the removable device or USB memory, it will be contained in this Safe Workspace, where it cannot affect the rest of the endpoint or access the company’s network.
With BUFFERZONE®, files can be safely disarmed of any risky components and removed from the container. Optionally, the organizational policy can have this happen automatically. Periodically, the container with any possible malware is emptied.
The solution does not rely on error-prone, easily outdated detection, instead providing a proactive containment and disarming solution that works equally on known and unknown malware.