The USB stick is one of those seemingly harmless plug-in accessories that we’ve all used for sharing files and for those last-minute meeting room nightmares when your colleague that was supposed to be presenting your team’s update can’t get online or connect to the projector!
Various incarnations, shapes and sizes of USB devices have been around for almost 20 years now, offering an easy and convenient way to store and transfer digital files between computers that are not directly connected to each other or to the internet.
Even though there’s cool new ways to share things online and via cloud apps, there’s no harm in your users keeping USB sticks ‘just in case’, right? Nowadays, cloud services such as Dropbox have taken on much of USB stick’s traditional workload in terms of file storage and transfer, and there is greater awareness of the security risks associated with USB devices. Because of this, USBs use as an essential business tool is declining – yet millions of USB devices are still produced and distributed annually, with many destined for use in homes, businesses and as marketing promotional items for trade show giveaways.
Is this scaremongering or is the risk of company data loss from USBs real?
99 times out of 100 probably not. But there’s always that risk as Heathrow Airport among many others have found out with its recent £120,000 fine from the ICO. While Heathrow largely ‘got away with that one’ from a hacking perspective at least, USBs have been exploited by cyberthreat actors, most famously by the Stuxnet worm in 2010, which used USB devices to inject malware into the network of an Iranian nuclear facility. And as well as the actual risk of company data loss, there’s also the reputational risk and financial damage of fines from regulations such as the GDPR.
We also understand that laptops, tablets, phones and other such portable endpoint devices with access to sensitive data will always be areas of potential data breach (we can help with those too…), but for the purposes of this article we’re singling out the poor USB!
What do the figures tell us?
In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying to infect a computer network, those are pretty irresistible odds.
USB devices remain a target for cyberthreats. Kaspersky Lab data for 2017 shows that every 12 months or so, around one in four users worldwide is affected by a ‘local’ cyber incident. These are attacks detected directly on a user’s computer and include infections caused by removable media like USB devices.
This short report reviews the current cyberthreat landscape for removable media, particularly USBs, and provides advice and recommendations on protecting these little devices and the data they carry.
The overview is based on detections by Kaspersky Lab’s file protection technologies in the drive root of user computers, with a specific scan filter and other measures applied. It covers malware-class attacks only and does not include detections of potentially dangerous or unwanted programs such as adware or risk tools (programs that are not inherently malicious, but are used to hide files or terminate applications, etc. that could be used with malicious intent). The detection data is shared voluntarily by users via Kaspersky Security Network (KSN).
Key findings
- USB devices and other removable media are being used to spread cryptocurrency mining software – and have been since at least 2015. Some victims were found to have been carrying the infection for years.
- The rate of detection for the most popular bitcoin miner, Trojan.Win64.Miner.all, is growing by around one-sixth year-on-year.
- One in 10 of all users hit by removable media infections in 2018 was targeted with this crypto-miner (around 9.22%, up from 6.7% in 2017 and 4.2% in 2016).
- Other malware spread through removable media/USBs includes the Windows LNK family of Trojans, which has been among the top three USB threats detected since at least 2016.
- The 2010 Stuxnet exploit, CVE-2010-2568, remains one of the top 10 malicious exploits spread via removable media.
- Emerging markets are the most vulnerable to malicious infection spread by removable media – with Asia, Africa and South America among the most affected – but isolated hits were also detected in countries in Europe and North America.
- Dark Tequila, a complex banking malware reported on August 21, 2018 has been claiming consumer and corporate victims in Mexico since at least 2013, with the infection spreading mainly through USB devices.
In our next article we’ll examine how the threat carried by USBs isn’t static, and hacks are unfortunately becoming more and more sophisticated.
Want to find out more?
As Kaspersky Platinum Partners, Complete IT Systems can offer you expert advice on the solutions and how they could be effectively deployed in your business.
To find out more please call us on 01274 396 213 or use our contact form and we’ll arrange a good time to call you back.
