Moreno Carullo, co-founder and CTO of Nozomi Networks, told SC Media UK that USB drivers have been a significant attack vector for several years with Stuxnet as the most notable example. “Operators should consistently employ all necessary precautions when allowing an external driver into an Industrial Control System (ICS), even if the source is well known. Malicious USBs could be used for disrupting the normal process operation (DOS) or for stealing credentials (NTLM relay attack). While blocking port 1947 is an option to mitigate the problem, it is also not a solution that is suited for all business processes,” he said.

Read More