• USB devices, best known for spreading malware between unconnected computers have been harnessed by cyber-attackers as an effective and persistent distribution vehicle for crypto-mining malware. Although the range and number of attacks is relatively low, the victim toll is rising year on year, according to a Kaspersky Lab review of USB and removable media threats in 2018.
Despite having been around for two decades and acquiring a reputation for insecurity, USB devices remain popular business tools and trade show giveaways. This has kept them on the cybercriminal radar, and they are used to spread a range of threats that have stayed remarkably consistent over the last few years. The top 10 list of threats targeting removable media, as detected by Kaspersky Security Network (KSN), has been led since at least 2015 by Windows LNK malware. It also includes the ageing 2010 ‘Stuxnet vulnerability’ exploit, CVE-2010-2568, and, increasingly, crypto-miners.
According to KSN data, a popular crypto-miner detected in drive-roots is Trojan.Win32.Miner.ays/ Trojan.Win64.Miner.all, known since 2014. The Trojan drops the mining application onto the PC, then installs and silently launches the mining software and downloads the requirements that enable it to send any results to an external server controlled by the attacker. Kaspersky Lab’s data shows that some of the infections detected in 2018 date back years, indicating a lengthy infection likely to have had a significant negative impact on the processing power of the victim device.
Detections of the 64-bit version of the miner are growing by around a sixth year-on-year, increasing by 18.42% between 2016 and 2017, and expected to rise by 16.42% between 2017 and 2018. These results suggest that propagation via removable media works well for this threat.
Emerging markets, where USB devices are more widely used for business purposes, are the most vulnerable to malicious infection spread by removable media – with Asia, Africa and South America among the most affected. But isolated hits were also detected in countries in Europe and North America.
USB devices have also been used in 2018 to spread Dark Tequila, a complex banking malware reported on August 21, 2018, and which has been claiming consumer and corporate victims in Mexico since at least 2013. In addition, according to KSN data, 8% of threats targeting industrial control systems in the first half of 2018 were spread via removable media.
USB devices may be less effective at spreading infection than in the past, due to growing awareness of their security weakness and declining use as a business tool, but our research shows they remain a significant risk that users should not underestimate. The medium clearly works for attackers, because they continue to exploit it, and some infections go undetected for years. Fortunately there are some very easy steps users and businesses can take to stay secure, said Denis Parinov, Anti-malware Researcher at Kaspersky Lab.
USB devices offer many advantages: they are compact and handy, and a great brand asset, but the devices themselves, the data stored on them and the computers they are plugged into are all potentially vulnerable to cyberthreats if left unprotected.
Kaspersky Lab recommends the following steps to secure the use of USB devices and other removable media:
Advice for all USB users:
- Be careful about the devices you connect to your computer – where did it come from?
- Invest in encrypted USB devices from trusted brands – this way you know your data is safe even if you lose the device
- Make sure all data stored on the USB is also encrypted
- Have a security solution in place that checks all removable media for malware before they are connected to the network as even trusted brands can be compromised through their supply chain
Additional advice for businesses:
- Manage the use of USB devices: define which USB devices can be used, by whom and for what
- Educate employees on safe USB practices – particularly if they are moving the device between a home computer and a work device
- Don’t leave USBs lying around or on display