Does using USB drives as an initial infection vector still work today? Well, what is old is new again: security researchers at Mandiant have observed a threefold increase in attacks that use infected USB drives to steal secrets. The increase is attributed to two USB-based cyber espionage campaigns: one delivering the SOGU malware, which targets organisations across industries and locations, and one delivering the SNOWYDRIVE malware, which targets oil and gas organisations in Asia. While a USB drive attack requires physical access to the target machine to achieve infection, it has unique advantages that keep it both relevant and trending: it can bypass security mechanisms, it is stealthy, it provides initial access to corporate networks, and it can infect air-gapped systems that are deliberately isolated from untrusted networks. The researchers identified local print shops and hotels as potential hotspots for infection, since a drive plugged into a shared machine there can pick up the malware and carry it into the corporate environment. Mandiant recommends that organisations prioritise restricting access to external devices such as USB drives or, at the very least, scan these devices for malicious files and code before they are connected to internal networks.
https://www.mandiant.com/resources/blog/infected-usb-steal-secrets
This segment was created for the It’s 5:05 podcast
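One small piece of the "restrict or at least monitor removable devices" recommendation is knowing when a mass storage device is plugged in at all. The script below is an added example written for this segment, not code from Mandiant or from the podcast: it parses constructed Linux kernel log lines (in the format the usb and usb-storage drivers print on hotplug), groups them into one record per USB port, and flags any mass storage device whose serial number is not on a hypothetical corporate allowlist. The log lines, the vendor/product IDs and the allowlist are all made up for the example.

```python
import re
from dataclasses import dataclass

# Constructed kernel log lines (not from the Mandiant post). Three devices:
# an allowlisted flash drive on port 1-1, a wireless receiver on 1-2 (not
# storage) and an unknown flash drive on 1-3.
SAMPLE_LOG = """\
[ 8123.401] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[ 8123.552] usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[ 8123.553] usb 1-1: Product: Ultra Fit
[ 8123.553] usb 1-1: Manufacturer: SanDisk
[ 8123.553] usb 1-1: SerialNumber: 4C530001234567890123
[ 8123.601] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 8130.120] usb 1-2: new full-speed USB device number 5 using xhci_hcd
[ 8130.270] usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11
[ 8130.271] usb 1-2: Product: USB Receiver
[ 8130.271] usb 1-2: Manufacturer: Logitech
[ 8131.004] usb 1-3: new high-speed USB device number 6 using xhci_hcd
[ 8131.150] usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
[ 8131.151] usb 1-3: Product: USB Flash Disk
[ 8131.151] usb 1-3: SerialNumber: 0123456789ABCDEF
[ 8131.200] usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist of corporate-issued drive serials (assumption).
ALLOWED_SERIALS = {"4C530001234567890123"}


@dataclass
class UsbDevice:
    port: str
    vendor_id: str = ""
    product_id: str = ""
    product: str = ""
    serial: str = ""
    mass_storage: bool = False


# "usb 1-1: New USB device found, idVendor=0781, idProduct=5583, ..."
NEW_DEV = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# "usb 1-1: Product: Ultra Fit" / "usb 1-1: SerialNumber: 4C53..."
ATTR = re.compile(r"usb (?P<port>[\d.-]+): (?P<key>Product|SerialNumber): (?P<val>.+)$")
# "usb-storage 1-1:1.0: USB Mass Storage device detected"
STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


def parse_usb_events(log):
    """Correlate hotplug lines by USB port into one UsbDevice per port."""
    devices = {}
    for line in log.splitlines():
        if m := NEW_DEV.search(line):
            devices[m["port"]] = UsbDevice(m["port"], m["vid"], m["pid"])
        elif m := ATTR.search(line):
            dev = devices.get(m["port"])
            if dev is None:
                continue  # attribute line for a device we never saw enumerate
            if m["key"] == "Product":
                dev.product = m["val"].strip()
            else:
                dev.serial = m["val"].strip()
        elif m := STORAGE.search(line):
            dev = devices.get(m["port"])
            if dev is not None:
                dev.mass_storage = True
    return devices


def unapproved_storage(log, allowed=ALLOWED_SERIALS):
    """Mass storage devices whose serial is not on the allowlist."""
    return [
        dev for dev in parse_usb_events(log).values()
        if dev.mass_storage and dev.serial not in allowed
    ]


if __name__ == "__main__":
    for dev in unapproved_storage(SAMPLE_LOG):
        print(f"ALERT: unapproved USB mass storage on port {dev.port}: "
              f"{dev.vendor_id}:{dev.product_id} {dev.product!r} serial={dev.serial!r}")
```

Run it and only the port 1-3 drive is reported; the allowlisted drive and the non-storage receiver are not. Two caveats a practitioner should keep in mind: the vendor ID, product ID and serial all come from descriptors the device itself supplies, so a hostile device can present an allowlisted identity, and logging an insertion is not the same as blocking it. Treat this as the telemetry that backs an enforcement control (a device control policy, or a deny-by-default rule set) rather than as the control itself.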