Honeywell Raises the Alarm on New Industrial Cybersecurity Threat

May 29, 2024
A new report from Honeywell explains how “silent residency” has become an increasing threat to industrial facilities.

Honeywell has released its 2024 USB Threat Report, which provides new insights into how “silent residency” has become an increasing cyber threat for industrial and critical infrastructure facilities. In the report, Honeywell highlighted the growing risk of these new attacks—referred to as “living off the land” (LotL)—in which adversaries use USB devices to gain access to industrial control systems to hide and observe operations before launching attacks that evade detection and manipulate the target systems. 

“Targeted cyber-physical attacks are more than zero-day exploits that take advantage of an unknown or unaddressed vulnerability. Instead, they are now also about silent residency—using LotL attacks to wait until there is an opportune moment to turn a system against itself,” said Micheal Ruiz, vice president of OT (operations technology) cybersecurity for Honeywell. 

According to the report, most of the malware detected on USB devices by Honeywell’s Secure Media Exchange could cause loss of view or loss of control of an industrial process, a potentially catastrophic scenario for operators.

The 2024 report is based on the Honeywell Global Analysis, Research and Defense (GARD) team’s tracking and analysis of aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period. 

Key findings in the report include:

  • USB devices continue to be used as an initial attack vector into industrial environments, as 51% of malware is designed to spread via USB—a nearly six-fold increase from 9% in 2019.
  • Content-based malware, which uses existing documents and scripting functions maliciously now accounts for 20% of malware.
  • More than 13% of all malware blocked use the inherent capabilities of common documents, such as Word, Excel and PDF documents.
  • 82% of malware is capable of causing disruption to industrial operations, resulting in loss of view, loss of control or system outages in OT environments.

Sponsored Recommendations

Rock Quarry Implements Ignition to Improve Visibility, Safety & Decision-Making

George Reed, with the help of Factory Technologies, was looking to further automate the processes at its quarries and make Ignition an organization-wide standard.

Water Infrastructure Company Replaces Point-To-Point VPN With MQTT

Goodnight Midstream chose Ignition because it could fulfill several requirements: data mining and business intelligence work on the system backend; powerful Linux-based edge deployments...

The Purdue Model And Ignition

In the automation world, the Purdue Model (also known as the Purdue reference model, Purdue network model, ISA 95, or the Automation Pyramid) is a well-known architectural framework...

Creating A Digital Transformation Roadmap Using A Unified Namespace

Digital Transformation has become one of the most popular buzzwords in the automation industry, often used to describe any digital improvements to industrial technology. But what...