Amazing! Malware spreading via USB key takes another leap in 2023


Vincent Mannessier

July 15, 2023 at 1:00 p.m.


Although the phenomenon had largely declined in recent years, the cybersecurity company Mandiant has noted a threefold increase in malware spreading via USB key.

Two particularly vicious campaigns are said to be underway, notably in France.

USB attacks still relevant in 2023

While prevention and awareness efforts have helped reduce USB-based malware in recent years, the main reason for the decline of this type of attack may lie elsewhere: the cloud and other systems that make it possible to do without USB keys. However, the technique is not dead, as its resurgence in the first half of 2023 has shown, and it has certain advantages that allow it to remain relevant.

Chief among these advantages is stealth, which lets such attacks get past most security measures without problems, along with, in some cases, direct access to internal corporate networks. Above all, it makes it possible to infect systems that are cut off from the Internet and from communication with any other device. The infected media can then sometimes replicate the malware onto any other USB key that is connected, making certain places, such as print shops or hotels, particularly vulnerable.


Two particularly threatening malware campaigns

In its report, Mandiant highlights the significance and the danger of two USB malware campaigns.

The first is SOGU, and the cybersecurity company considers it "one of the most aggressive cyber espionage campaigns". Present on all continents, it uses USB drives to load malware onto infected computers, allowing all information on the host to be stolen. This campaign is attributed to a group of Chinese hackers who work for the country's security services. Various industries are affected, from transport to construction, health and public administration.

The other campaign that Mandiant highlights is Snowydrive. It is attributed to UNC4698, a group that primarily targets the oil and gas industry in Asia. As soon as an infected USB device is inserted into a computer, it loads a program that creates a backdoor in the host system. This then allows the hackers behind the malware to access certain controls of the affected system and issue certain commands. Particularly vicious, this virus then spreads automatically to any other USB key inserted into the infected computer.

Source: BleepingComputer, Mandiant


