USB drives still a potent threat, says Kaspersky
USB drives still in use as an attack vector, including for crypto-mining attacks
USB devices remain a popular vector for cyberattack, according to Kaspersky Lab, and are increasingly being used for crypto-mining attacks.
The security company says that although range and number of attacks that use USB drives is relatively low, and its efficiency as a means of attack is limited, the number of victims continues to rise year-on-year.
Kaspersky Lab has reviewed the state of threats from USB and other removable media, and found that despite good awareness of the dangers of infected USBs, they are still commonly used in business and as giveaways.
The top 10 list of threats targeting removable media, as detected by Kaspersky Security Network (KSN), has been led since at least 2015 by Windows LNK malware. It also includes the ageing 2010 ‘Stuxnet vulnerability' exploit, CVE-2018-2568, and, increasingly, crypto-miners.
According to KSN data, a popular crypto-miner detected in drive-roots is Trojan.Win32.Miner.ays/ Trojan.Win64.Miner.all, known since 2014. The Trojan drops the mining application onto the PC, then installs and silently launches the mining software and downloads the requirements that enable it to send any results to an external server controlled by the attacker.
Detections of the 64-bit version of the miner are growing by around a sixth year-on-year, increasing by 18.42% between 2016 and 2017, and expected to rise by 16.42% between 2017 and 2018. These results suggest that propagation via removable media works well for this threat.
Emerging markets, where USB devices are more widely used for business purposes, are the most vulnerable to malicious infection spread by removable media - with Asia, Africa and South America among the most affected. But isolated hits were also detected in countries in Europe and North America.
USB devices have also been used in 2018 to spread Dark Tequila, a complex banking malware reported on August 21, 2018, and which has been claiming consumer and corporate victims in Mexico since at least 2013. In addition, according to KSN data, 8% of threats targeting industrial control systems in the first half of 2018 were spread via removable media.
"USB devices may be less effective at spreading infection than in the past, due to growing awareness of their security weakness and declining use as a business tool, but our research shows they remain a significant risk that users should not underestimate. The medium clearly works for attackers, because they continue to exploit it, and some infections go undetected for years. Fortunately there are some very easy steps users and businesses can take to stay secure," said Denis Parinov, Anti-malware Researcher at Kaspersky Lab.