Join today’s leading executives online at the Data Summit on March 9th. Register here.
A new report from Expel found that that attackers continue to recycle old tricks — this time, the removable media and USB stick effort. During January 2022, the report discovered that removable media were responsible for 9% of all incidents responded to. That increased to 20% for incidents where the initial infection vector involved a physical endpoint (in other words, removing incidents involving a cloud-based service).
Since this threat may not be top of mind for many, it’s a good reminder that old tactics are still in play. A 2016 study, which examined what people would do with a USB found in a parking lot, showed that nearly 50% of people would plug an unknown USB into their computer. While human curiosity is likely just as high in 2022, one can hope that with more people working from home, employees are less likely to find and plug in a USB from the office parking lot.
While security awareness training has focused on unknown USB devices for years, and some organizations require approval per-device before connecting them to a company-owned asset, trusted USB devices remain a threat for businesses.
Trusted USB devices can be infected with malware variants that search for external storage devices connected to a victim host to infect them and spread further. This risk is much greater when endpoint users can transfer USB devices from personal devices to business assets.
During January 2022, Expel saw AsyncRat, Valyrian, Gamarue, Agent Tesla and Forbix malware families attempt to spread through USB devices. Additional generic malicious worms were also observed, including one deployed as a hidden VBScript script file on the device.
These malware variants likely would have attempted to infect any other external USB storage devices attached to these systems had they achieved initial infection without detection.
With tried and true methods of the past making a surge, it’s a reminder that users and organizations can’t forget time-tested attack methods while protecting against new trends.
The insights for this report were determined by analyzing data from all Expel customer incidents from January 1-31, 2022.
Read the full report from Expel.