Honeywell’s latest release, the 2024 USB Threat Report, sheds light on the emerging peril of “silent residency” cyber threats targeting industrial and critical infrastructure facilities. This report underscores the escalating risk posed by “living off the land” (LotL) attacks, where adversaries exploit USB devices to infiltrate industrial control systems, laying dormant until opportune moments to strike.
Michael Ruiz, Honeywell’s vice president of OT cybersecurity, emphasizes that modern cyber-physical attacks transcend traditional exploits, focusing on silent residency tactics to covertly compromise systems. This tactic allows attackers to clandestinely observe operations before launching devastating assaults that evade detection.
Key findings in the report highlight the alarming prevalence of USB-borne malware, posing significant threats to industrial facilities. Malicious programs detected by Honeywell’s Secure Media Exchange could potentially disrupt or manipulate critical industrial processes, posing catastrophic risks.
Ruiz underscores the urgency of bolstering defences against sophisticated cyber threats as digital transformation and automation accelerate. USBs serve as a primary entry point for attackers, with malware designed to exploit vulnerabilities and wreak havoc within operational technology (OT) environments.
Drawing from the Honeywell Global Analysis, Research, and Defense (GARD) team’s extensive data analysis, the report reveals concerning trends:
– USB devices remain a prevalent attack vector, with 51% of malware spreading through USBs, marking a substantial increase from previous years.
– Content-based malware, leveraging existing documents and scripts maliciously, is on the rise, comprising 20% of malware.
– Over 13% of blocked malware exploits common document formats like Word, Excel, and PDF, highlighting the diverse tactics employed by attackers.
– A staggering 82% of malware possesses capabilities to disrupt industrial operations, leading to loss of visibility, control, or system outages in OT environments.
In response to these threats, Honeywell underlines the importance of advanced cybersecurity measures and collaboration with customers to safeguard assets and data from malicious actors.
As industries navigate the evolving threat landscape, proactive measures are essential to fortify defences against USB-borne cyber-attacks and mitigate potential risks to critical infrastructure.