The United States Industrial Control Systems – Cyber Emergency Response Team (ICS-CERT) is warning organizations to be extra cautious when handling removable media such as flash drives, since a lot of malware uses them to spread.
They’re not necessarily referring to Stuxnet, Flame or other infamous Trojans that targeted Iranian nuclear facilities sometime in the past, but to an incident that took place in April 2012.
Workers in an energy company identified a piece of malware on a USB stick left by mistake in the USB port of a human-machine interface (HMI) computer by another staffer.
Fortunately, the Hamweq virus couldn’t perform its tasks because it depended on the operating system’s auto-run function, which was disabled on all devices.
Had the auto-run feature been enabled, the threat could have injected malicious code and created a backdoor, which the attackers might have leveraged to steal sensitive information.
According to ICS-CERT, in order to avoid similar incidents, organizations should always properly mark removable media. They should also disable auto-run functions where possible.
Other recommendations include the use of dedicated media for the same types of systems, and the separation of malfunctioning or potentially infected drives from ones that are catalogued as being acceptable.
Finally, employees who operate industrial control systems should never connect removable media drives of unknown origin to a system without properly checking them first. They should also avoid using personally owned devices for work-related tasks.
Organizations that specialize in cyber security have issued numerous reports showing that critical infrastructures have become a tempting target for all sorts of attacks. This is why companies responsible for them should always be on guard and follow best security practices.
As the incident presented here demonstrates, the slightest mistake could have devastating effects.