Malware spread via USB drives poses a significant threat to emerging markets as threat actors look to target networks not connected to the internet, including those powering critical infrastructure.
Countries in Asia, Africa, and South America have been among the most infected, although researchers also noted isolated attacks in both Europe and North America, according to a Sept. 25 Kaspersky blog post.
USB devices and other removable media are also being used to spread cryptominers which were described as rare, but persistent threats, with some victims found to have been carrying the infection for years.
Researchers noted that the rate of detection for Trojan.Win64.Miner.all, is growing year-on-year, with one in 10 of all users hit by removable media infections in 2018 targeted with this cryptominer.
USB malware has also been used in major infection campaigns such as the 2010 Stuxnet exploit, which remains one of the most malicious exploits ever spread via removable media. “In 2009 and 2010, the Stuxnet worm targeted Iran’s nuclear facilities in order to disrupt operations,” researchers said in the report.
Other popular malware spread by this method include the Windows LNK family of Trojans, which has been among the top three USB threats detected since at least 2016, and Dark Tequila, a complex banking malware reported on August 21, 2018, targeting consumers and corporate victims in Mexico.
Kaspersky also cited the Sality virus and the Dinihou worm that automatically copies itself onto a USB drive, creating malicious shortcuts (LNKs) that launch the worm as soon as the new victim opens them.
“This data shows that the number of removable media (drive root) threat detections has declined steadily since 2014, but the overall rate of decline may be slowing down,” the researchers said. “In 2014, the ratio between a user affected by a removable media threat and the total number of such threats detected was 1:42; by 2017 this had dropped by around half to 1:25; with the estimate for 2018 around 1:22.”
Researchers noted the numbers pale in comparison to web-borne threats, as the firm detected 113.8 million likely removable media threats, while its web antivirus repelled just under 1.2 billion attacks launched from online resources.
To prevent these types of attacks, researchers recommend users be careful about the devices they connect to their computers, invest in encrypted USB devices from trusted brands, and make sure all data stored on the USB is also encrypted.
In addition, users should have a security solution that checks all removable media for malware before it’s connected to the network as even trusted brands can be compromised through their supply chain. Businesses should go a step further and be sure to educate employees on safe USB practices and manage the use of USB on their network.
