Beware of the Rising Menace: Malware-Infested USB Drives

Recent research suggests that despite the growing popularity of cloud storage, physical storage drives are once again becoming a prominent avenue for hosting malware. Cybersecurity experts at Mandiant have observed a significant increase in USB-based incidents during the first half of 2023, with a threefold rise in attacks employing USB drives to steal sensitive information.

Prior to this surge in attacks, Mandiant had mainly noted isolated incidents concentrated in the Philippines. However, it seems that these attacks are now spreading globally.

USB Malware Attacks On the Rise

USB drives may have lost their popularity among many, but they are still proving to be a favored tool for cybercriminals. In the past, these drives were commonly exploited due to security weaknesses, allowing malware to spread through external storage devices. While attackers have become more sophisticated over time, some are now reverting to USB drives.

One example of modern-day malware is SNOWYDRIVE, which gives attackers a backdoor on the host system through which they can remotely issue system commands. This particular campaign, attributed to UNC4698, appears to target the oil and gas industries in Asia.

Mandiant identifies another prevalent cyber espionage attack that spreads through USB flash drives. This attack targets both public and private sectors and uses the SOGU malware. Its goal is to steal sensitive information across various industries, including construction, engineering, business services, government, health, transportation, and retail in Europe, Asia, and the United States. Security analysts have linked this attack to TEMP.Hex, a cyber espionage actor associated with China.

While focus has shifted away from USB-based attacks in favor of safeguarding against more sophisticated methods, attackers are finding success by returning to spreading malware through USB drives, as they can bypass many current security measures.

Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.