"USBs Still a Major OT Infection Vector"

Security researchers at IBM X-Force have found that removable media represents the second greatest threat to operational technology (OT) systems so far this year. The researchers also found that phishing was the number one initial access vector for attackers in 2021 and was present in 78% of incidents analyzed over January-June 2022. However, tying for second place were scanning and exploitation of vulnerabilities and use of removable media (both 11%).

The researchers stated that workers' use of personal laptops in the field often leads to infected USBs, which are then plugged into operator workstations. They argue that, ideally, USB flash drives should be prohibited when possible. If USB drives are absolutely necessary, the researchers advise organizations to strictly control the number of portable devices approved for use in their environment and to disable autorun features for any removable media.

During their research, the researchers also found other threats to OT environments. They noted that for organizations with OT monitoring tools installed, 57% of alerts concerned the continued use of the outdated and insecure TLS 1.0 encryption protocol. An additional 42% of OT alerts related to attempted and successful brute force attacks. The remaining 1% was accounted for by various "enumeration alerts," including Modbus function code, illegal parameters, and things like weak/default passwords on devices.

The researchers state that manufacturing was the most attacked sector in terms of OT threats in 2021, and it remains so this year, accounting for 23% of total incident response cases and 65% among OT industries in the first half of 2022.

 

Infosecurity reports: "USBs Still a Major OT Infection Vector"

Submitted by Anonymous on