In light of the recent security breaches at Heathrow Airport involving misplaced USB drives, we’re continuing our theme of highlighting the chilling perils of USBs for business data.
Malware delivered via removable media
The top malware spread via removable media has stayed relatively consistent since at least 2016. For example, the family of Windows LNK malware, Trojans containing links for downloading malicious files or paths for launching a malicious executable, has remained among the top three threats spread by removable media. This malware is used by attackers to destroy, block, modify or copy data, or to disrupt the operation of a device or its network. The WinLNK Runner Trojan, which was the top detected USB threat in 2017, is used in worms for launching executable files.
In 2017, 22.7 million attempted WinLNK.Agent infections were detected, affecting nearly 900,000 users. The estimate for 2018 is around 23 million attacks, hitting just over 700,000 users. This represents a 2% rise in detections and a 20% drop in the number of users targeted year-on-year.
For the WinLNK Runner Trojan the numbers are expected to fall more sharply – with a 61% drop in detections from 2.75 million in 2017 to an estimated 1 million in 2018; and a decline of 51% in the number of users targeted (from around 920,000 in 2017 to just over 450,000 in 2018).
Other top malware spread through USB devices includes the Sality virus, first detected in 2003 but heavily modified since; and the Dinihou worm that automatically copies itself onto a USB drive, creating malicious shortcuts (LNKs) that launch the worm as soon as the new victim opens them.
Miners – rare but persistent
USB devices are also being used to spread cryptocurrency mining software. This is relatively uncommon, but successful enough for attackers to continue using this method of distribution. According to KSN data, a popular crypto-miner detected in drive roots is Trojan.Win32.Miner.ays/Trojan.Win64.Miner.all, known since 2014.
Malware in this family secretly uses the processor capacity of the infected computer to generate the cryptocurrency. The Trojan drops the mining application onto the PC, then installs and silently launches the mining software and downloads the parameters that enable it to send the results to an external server controlled by the attacker.
Kaspersky Lab’s data shows that some of the infections detected in 2018 date back years, indicating a lengthy infection likely to have had a significant negative impact on the processing power of the victim device.
In short, the threats are varied and sophisticated.
What can your business do to safeguard itself?
USB drives offer many advantages: they are compact and handy, and a great brand asset, but the devices themselves, the data stored on them and the computers they are plugged into are all potentially vulnerable to cyberthreats if left unprotected.
Fortunately, there are some effective steps businesses can take to secure the use of USB devices.
Advice for all USB users:
- Be careful about the devices you connect to your computer – do you know where it came from?
- Invest in encrypted USB devices from trusted brands – this way you know your data is safe even if you lose the device
- Make sure all data stored on the USB is also encrypted
- Have a security solution in place that checks all removable media for malware before they are connected to the network – even trusted brands can be compromised through their supply chain
- Manage the use of USB devices: define which USB devices can be used, by whom and for what
- Educate employees on safe USB practices – particularly if they are moving the device between a home computer and a work device
- Don’t leave USBs lying around or on display
Want to find out more?
As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.
To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.