The 6th Honeywell cybersecurity research report concludes that yes, you are being targeted, and maybe not where you expect it. And yes, humans are still the most vulnerable link in the cybersecurity defense Maginot line.

  • New research indicates increasing sophistication of cyber criminals targeting operational technology (OT) and the industrial sector
  • USB devices continue to be leveraged as part of larger cyberattack campaigns aiming to manipulate rather than exploit

New research from Honeywell provides insight into just how dangerous unchecked USB devices can be in operational technology (OT) environments. Honeywell discovered that adversaries are now using USB devices to gain access to industrial control systems, where they can hide and observe operations before launching attacks that leverage the inherent capabilities of the systems, known as “living off the land” (LotL) attacks. These attacks are less dependent on exploiting vulnerabilities and more focused on collecting information, evading detection and manipulating the target systems.

“Targeted cyber-physical attacks are no longer about zero-day exploits that take advantage of an unknown or unaddressed vulnerability. Instead, they are more about silent residency – using LotL attacks to wait until there is an opportune moment to turn a system against itself,” said Michael Ruiz, vice president of OT cybersecurity for Honeywell.

According to the report, most of the malware detected on USB devices by Honeywell’s Secure Media Exchange could cause loss of view or loss of control of an industrial process, a potentially catastrophic scenario for operators.

The 2024 report is based on the Honeywell Global Analysis, Research and Defense (GARD) team’s tracking and analysis of aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period.

Additional key findings of the report include:

  • USB devices continue to be used as an initial attack vector into industrial environments, as 51% of malware is designed to spread via USB, a nearly six-fold increase from 9% in 2019.
  • Content-based malware, which uses existing documents and scripting functions maliciously, is on the rise, accounting for 20% of malware.
  • Over 13% of all malware blocked specifically leveraged the inherent capabilities of common documents, such as Word, Excel and PDF documents.
  • Malware can cause significant impact, such as loss of view, loss of control, or system outages in OT environments. 82% of malware is capable of causing disruption to industrial operations.