Honeywell Report Finds ‘Silent Residence’ Driving Growing Cyber ​​Threat to Industrial Facilities and Critical Infrastructure

Honeywell recently released its 2024 USB Threat Report, which provides new insight into how “silent residence” poses a growing cyber threat to industrial facilities and critical infrastructure. In the report, Honeywell highlighted the growing risk of “living off the land” (“LotL”) attacks in which adversaries use USB devices to access industrial control systems to hide and observe operations before to launch attacks that evade detection and manipulate. target systems.

“Targeted cyber-physical attacks are more than zero-day exploits that take advantage of an unknown or unpatched vulnerability. Instead, they are now also targeting silent residency – using LotL attacks to wait for the opportune moment to turn a system against itself,” said Micheal Ruiz, vice president of OT cybersecurity at Honeywell.

The report, now in its sixth year, highlights the serious risk that USB-borne malware poses to industrial facilities and critical infrastructure. The report’s key findings indicate that adversaries now have a solid understanding of industrial environments and how they operate. According to the report, most malware detected on USB devices by Honeywell’s Secure Media Exchange could result in loss of sight or loss of control of an industrial process, a potentially catastrophic scenario for operators.

“As digital transformation and automation accelerate, so does exposure to sophisticated and malicious cyberattacks that can have devastating consequences in terms of reputation, security and continuity,” Ruiz said. “There are many ways for a malicious actor to infiltrate an OT environment, including via USB drives. Using Honeywell’s advanced end-to-end technology and deep experience, we work with our customers to improve their ability to protect their assets and data against these threats.

The 2024 report is based on the Honeywell Global Analysis, Research and Defense (GARD) team’s tracking and analysis of aggregated cybersecurity threat data from hundreds of industrial facilities worldwide over a 12-month period .

Several of the report’s additional key findings included:

  • USB devices continue to be used as a primary attack vector in industrial environments, as 51% of malware is designed to spread via USB, a six-fold increase from 9% in 2019.
  • Content-based malware, which uses existing documents and script functions maliciously, is on the rise and accounts for 20% of malware.
  • More than 13% of all blocked malware specifically exploited the inherent capabilities of common documents, such as Word, Excel, and PDF documents.
  • 82% of malware is capable of disrupting industrial operations, leading to loss of vision, loss of control or system outages in OT environments.

To download the full report, visit: