Recently, Honeywell published its 2024 USB Threat Report, offering fresh perspectives on how ‘silent residency’ poses a rising cyber threat to industrial and critical infrastructure facilities.
The report emphasized the escalating danger of ‘living off the land’ (“LotL”) attacks, where adversaries employ USB devices to infiltrate industrial control systems, covertly monitor operations, and then execute attacks that avoid detection and alter the targeted systems.
Michael Ruiz, Vice President of OT cybersecurity for Honeywell stated that targeted cyber-physical attacks extend beyond zero-day exploits that exploit unknown or unaddressed vulnerabilities. He explained that they now also encompass silent residency, using LotL attacks to bide time until an opportune moment arises to turn a system against itself.
Now in its sixth edition, the report highlights the significant threat USB-borne malware presents to industrial and critical infrastructure facilities. The report’s key findings show that adversaries now possess a deep knowledge of industrial settings and their operations.
According to the report, the majority of malware found on USB devices by Honeywell’s Secure Media Exchange could lead to loss of view or control over an industrial process, a scenario that could be disastrous for operators.
Ruiz cited that as digital transformation and automation progress, the susceptibility to sophisticated and malicious cyberattacks that could devastate reputation, safety, and continuity is also heightened.
He further noted that numerous pathways exist for a malicious actor to penetrate an OT environment, including via USBs. With its advanced end-to-end technology and substantial experience, Honeywell collaborates with customers to bolster their defenses against these threats, enhancing their ability to safeguard their assets and data.
The 2024 report draws on the tracking and analysis of aggregated cybersecurity threat data from hundreds of industrial facilities worldwide by the Honeywell Global Analysis, Research, and Defense (GARD) team over a 12-month period.
Additional vital findings from the report revealed that USB devices remain a primary attack vector in industrial settings, with 51% of malware engineered to propagate through USB, marking a nearly six-fold increase from 9% in 2019. Further, content-based malware, exploiting existing documents and scripting functions for malicious purposes, has been increasing and now constitutes 20% of malware.
Key insights from the report cited more than 13% of all blocked malware specifically exploited the built-in features of common documents, like Word, Excel, and PDF files. Also, 82% of malware had the potential to disrupt industrial operations, causing loss of view, loss of control, or system outages in OT environments.
More About Honeywell
Honeywell operates as a unified company catering to a wide array of industries and regions globally. The company’s business aligns with three dominant megatrends—automation, the future of aviation, and energy transition—supported by the Honeywell Accelerator operating system and the Honeywell Connected Enterprise integrated software platform.
As a reliable ally, the corporation assists enterprises in tackling the most difficult, intricate problems, offering practical solutions and breakthroughs via the company’s Aerospace Technologies, Industrial Automation, Building Automation, and Energy and Sustainability Solutions divisions, contributing to a smarter, safer, and more sustainable world.
