International. Honeywell published its 2024 USB Threat Report, according to which the so-called “silent residence” poses an increasing risk to industrial and critical facilities.
In the document, the company highlights the growing potential for Living off the Land (LotL) cyberattacks, in which USB devices are used to gain access to industrial control systems so that attackers can hide in plain sight and observe operations before launching attacks that evade detection and manipulate target systems.
“Targeted cyber-physical attacks are more than just zero-day exploits that take advantage of an unknown or unresolved vulnerability. Now they also consist of silent residence, that is, the use of LotL attacks to wait for the opportune moment to arrive to make a system turn against itself,” says José Fernandes, CEO & president of Honeywell Latin America.
In its sixth edition, the report highlights the serious risk that USB-borne malware poses to industrial and critical infrastructure facilities. The main conclusions of the report indicate that adversaries have a complete understanding of industrial environments and how they operate. Most malware detected on USB devices by Honeywell Secure Media Exchange could cause loss of visibility or control of an industrial process, a potentially catastrophic scenario for operators.
“As digital transformation and automation advance, exposure to sophisticated and malicious cyberattacks increases, with devastating consequences in terms of reputation, security and continuity,” said Fernandes. “There are numerous ways an operational technology (OT) environment can be infiltrated, including through USB devices. With our advanced comprehensive technology and extensive experience, at Honeywell we collaborate with our customers to strengthen their ability to protect their assets and data against these threats.”
The 2024 report is based on Honeywell's Global Analysis, Research and Defense (GARD) team's tracking and analysis of aggregated cyber threat data from hundreds of industrial facilities globally over a 12-month period. Among the main conclusions of the report, the following stand out:
- USB devices continue to be used in industrial environments as an initial attack vector, as 51% of malware is designed to spread via USB, a nearly six-fold increase from 9% in 2019.
- Content-based malware, which uses existing documents and script functions for malicious purposes, is on the rise and accounts for 20% of all malware.
- More than 13% of all malware blocked specifically exploited the capabilities inherent in common documents, such as Word, Excel, and PDF files.
- 82% of malware has the ability to cause disruptions in industrial operations, resulting in loss of visibility, control or system failures in OT environments.
The full report can be downloaded online.

