After what appeared to be a decline in USB-drive-based cybercrime, the first half of 2023 saw a rise in malware attacks that used USB drives as the initial access vector.

According to Mandiant's report, two malware campaigns were behind the surge: "Sogu", attributed to the China-linked espionage group TEMP.HEX, and "Snowydrive", attributed to UNC4698. The latter is known to target oil and gas firms in Asia.

In a November 2022 report, Mandiant highlighted how entities in the Philippines were infected with four distinct malware families through USB devices.

Meanwhile, in January 2023, Palo Alto Networks' Unit 42 revealed a PlugX variant that hides on USB drives and infects the Windows host they are connected to.



Of the two, Sogu is described as the more aggressive, affecting a wide range of industries across the globe, including pharmaceuticals, IT, energy and communications, and exfiltrating data from the organizations it infects.

The report identified victims in Australia, Austria, China, France, Indonesia, Italy, Japan, Poland, Singapore, Switzerland, the UK and the United States, in addition to the Philippines.

Spreading malware via USB drives has an obvious drawback for the attacker: someone has to get the drive into the target's hands. But the malware described above matters in 2023 because of what it achieves once that happens: it is stealthy, it can bypass security controls, it can reach corporate networks, and it can bridge into air-gapped systems that are deliberately isolated from untrusted networks.
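The practical counter to a USB-borne initial access vector is to stop the host from executing, or even mounting, removable storage. The script below is an added example written for this article, not code from Mandiant, Unit 42 or the reports they published. It assumes an elevated PowerShell session on a standalone Windows host and uses the registry locations behind the "Removable Storage Access" Group Policy settings and the USBSTOR driver service; the function name Get-RemovableStoragePolicy is this example's own.

```powershell
# Added example: audit and restrict removable-storage use on a Windows host.
# Assumes an elevated PowerShell session. The registry paths are the standard
# locations behind the "Removable Storage Access" policies and the USBSTOR service.
# Run with -WhatIf to see what would change without writing anything.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$DisableUsbStorage   # also disable the USB mass-storage driver entirely
)

# Device-class GUID for "Removable Disks" used by the Removable Storage Access policies.
$RemovableDisks = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$PolicyKey  = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$RemovableDisks"
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-RemovableStoragePolicy {
    # Report the current state so the effect of a change can be checked afterwards.
    $deny = if (Test-Path $PolicyKey) { Get-ItemProperty -Path $PolicyKey } else { $null }
    [pscustomobject]@{
        DenyExecute  = [bool]($deny.Deny_Execute)
        DenyWrite    = [bool]($deny.Deny_Write)
        DenyRead     = [bool]($deny.Deny_Read)
        UsbStorStart = (Get-ItemProperty -Path $UsbStorKey -Name Start).Start   # 3 = enabled, 4 = disabled
    }
}

Write-Host 'Before:'
Get-RemovableStoragePolicy | Format-List

if ($PSCmdlet.ShouldProcess($PolicyKey, 'Deny execute and write access on removable disks')) {
    New-Item -Path $PolicyKey -Force | Out-Null
    # Deny_Execute stops a binary or shortcut payload from launching directly off the drive;
    # Deny_Write stops an already infected host from seeding the next drive that is plugged in,
    # which is the hop that carries this class of malware into isolated networks.
    Set-ItemProperty -Path $PolicyKey -Name Deny_Execute -Type DWord -Value 1
    Set-ItemProperty -Path $PolicyKey -Name Deny_Write   -Type DWord -Value 1
}

if ($DisableUsbStorage -and $PSCmdlet.ShouldProcess($UsbStorKey, 'Disable the USB mass-storage driver')) {
    # Start = 4 (SERVICE_DISABLED): newly attached USB disks will not be mounted at all.
    Set-ItemProperty -Path $UsbStorKey -Name Start -Type DWord -Value 4
}

Write-Host 'After:'
Get-RemovableStoragePolicy | Format-List
```

Two caveats a practitioner should keep in mind. Denying execute access blocks running a file in place on the drive, but not copying it to the local disk and running it from there, so it belongs alongside application control and endpoint detection rather than in place of them. And none of these settings affect devices that present themselves as keyboards or network adapters rather than storage; those need device-class controls of their own. In a domain, apply the same settings through Group Policy rather than editing the registry host by host.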


While the path each piece of malware takes into a given organization varies, Mandiant notes that hotels and print shops are common USB infection hotspots.

Ultimately, as long as USB drives remain part of everyday workflows in many organizations, they will remain an attractive delivery vehicle for malware.
