One out of 10 malware attacks via USB is a cryptominer

internet INTERNET

It is well known that malicious programs between non-networked computers can be transmitted via the USB port using infected devices. Cybercriminals are currently using the USB port mainly to propagate crypto-mining malware, according to a recent Kaspersky analysis on cyber-driving through USB devices and other removable media for 2018 [1]. Thus, in the year to date every tenth infection (9.22 percent) by a USB storage medium was a crypto-miner malware.

Although the lack of security of USB storage media has been known for some 20 years, they are still popular in the business environment, for example at trade fairs. No wonder that compromised USB sticks are used as a door opener in a corporate network. 

According to Kaspersky Lab's analysis, the top 10 threats to external disks are led by Windows LNK malware. These include the 2010 Stuxnet exploit, CVE-2018-2568, and increasingly crypto-mining programs.

The well-known since the year 2014 pests, Trojan.Win32.Miner.ays' or 'Trojan.Win64.Miner.all' is one of the common crypto-miners, which are distributed via USB sticks and Co. The Trojan places the Mining application on the PC, installs it and secretly loads it there and loads the necessary resources to send the results to an external server that is controlled by the attackers. Kaspersky Lab data shows that the infections that have just been discovered are years old. That is, on the devices of the victims was arguably radically limited over a long time, the computing power. The number of detections from the 64-bit version of the crypto-miner is increasing annually: in 2017, it increased by 18.42 percent over the previous year. Renewed growth of 16.42 percent is expected this year. These results suggest that the spread of the pests via external disks continues to work well.

Denis Parinov, Anti-Malware Researcher at Kaspersky Lab, warns:

"The proliferation of USB device infections is not as effective as it has been in the past, as they are now considered insecure and less commonly used in business. Nevertheless, our research shows that USB sticks are still a risk that should not be underestimated. For attackers, this storage medium is still of interest and is used for attacks. Some infections remain undetected for years. Fortunately, home users and businesses can protect themselves with very simple means.

USB drives offer many advantages: they are compact and handy, and a great brand asset, but the devices themselves, the data stored on them and the computers they are plugged into are all potentially vulnerable to cyberthreats if left unprotected.

Fortunately, there are some effective steps consumers and organizations can take to secure the use of USB devices.

Advice for all USB users

  • Be careful about the devices you connect to your computer – do you know where it came from?
  • Invest in encrypted USB devices from trusted brands – this way you know your data is safe even if you lose the device
  • Make sure all data stored on the USB is also encrypted
  • Have a security solution in place that checks all removable media for malware before they are connected to the network – even trusted brands can be compromised through their supply chain

Additional advice for businesses

  • Manage the use of USB devices: define which USB devices can be used, by whom and for what
  • Educate employees on safe USB practices – particularly if they are moving the device between a home computer and a work device
  • Don’t leave USBs lying around or on display



scroll gif