International. Honeywell released its 2024 USB Threat Report, according to which the so-called "quiet residence" poses a growing risk to industrial and critical facilities.
In the document, the company highlights the increased possibilities of Living off the Land (LotL) type cyberattacks in which USB devices are used to access industrial control systems, in order to hide in plain sight and observe operations before launching attacks that evade detection and manipulate the targeted systems.
"Targeted physical cyberattacks are more than just zero-day exploits that take advantage of an unknown or unresolved vulnerability. Now they also consist of silent residency, that is, the use of LotL attacks to wait for the opportune moment to turn a system against itself," says José Fernandes, CEO & President of Honeywell Latin America.
Now in its sixth edition, the report highlights the serious risk that USB-borne malware poses to industrial and critical infrastructure facilities. The main findings of the report indicate that adversaries are well aware of industrial environments and how they work. Most malware detected on USB devices by Honeywell's Secure Media Exchange could cause loss of visibility or control of an industrial process, a potentially catastrophic scenario for operators.
"As digital transformation and automation progresses, exposure to
sophisticated and malicious cyberattacks, with devastating consequences in terms of reputation, security and continuity," said Fernandes. "There are numerous ways in which you can infiltrate an operational technology (OT) environment, including through USB devices. With our advanced end-to-end technology and deep expertise, Honeywell collaborates with our customers to strengthen their ability to protect their assets and data from these threats."
The 2024 report is based on the tracking and analysis of aggregated cyber threat data by Honeywell's Global Advocacy and Analysis, Research (GARD) team from hundreds of industrial facilities globally over a 12-month period. Among the main findings of the report are the following:
- USB devices continue to be used in industrial environments as an initial attack vector, with 51% of malware designed to spread via USB, a nearly six-fold increase from 9% in 2019.
- Content-based malware, which uses existing documents and scripting functions for malicious purposes, is on the rise and accounts for 20% of total malware.
- More than 13% of all locked malware specifically took advantage of the capabilities inherent in common documents, such as Word, Excel, and PDF files.
- 82% of malware has the ability to cause disruptions to industrial operations, resulting in loss of visibility, control, or system failures in OT environments.
The full report can be downloaded online.
Leave your comment