USB malware evolution: Cybercriminals are now using flash drives to spread cryptominers

• Researchers found that some victims carried around and used devices that had been infected for years.
• In 2018, one in ten of all users affected by USB malware was infected by the Trojan.Win64.Miner.all.

For over 20 years, USB devices have allowed users to store and transfer information conveniently, and without using the internet. However, USB devices have long been the target of cybercriminals. In 2010, the now-infamous Stuxnet worm made use of USB devices to spread malware to an Iranian nuclear facility’s networks.

Over the years, USB malware attacks gained popularity, allowing cybercriminals to conduct highly targeted attacks on individuals and entities. USB drives are no longer integral to the business world; cloud services having effectively taken over the realm of secure data storage. However, people continue to use USB drives and these devices remain a significant target for cybercriminals.

According to a new report by Kaspersky Lab, every year, one if four users across the globe are affected by a cyber incident. These attacks are caused by removable media such as USB devices.

Researchers also found that since 2015, cybercriminals have used USB devices to spread cryptominers. However, now this trend is on the rise. In 2018, one in ten of all users affected by USB malware was infected by the Trojan.Win64.Miner.all.

“USB devices appeal to attackers targeting computer networks that are not connected to the internet – such as those powering critical national infrastructure,” Kaspersky researchers said in their report. “USB devices were used to inject malware into the facilities’ air-gapped networks. Advanced threat actors, including Equation Group, Flame, Regin and HackingTeam, have all integrated exploits for this vulnerability into removable media to use in attacks.”

The ProjectSauron toolkit, which was discovered in 2016, included a special module designed to transfer data from air-gapped systems to Internet-connected systems.

“USB drives offer many advantages: they are compact and handy, and a great brand asset, but the devices themselves, the data stored on them and the computers they are plugged into are all potentially vulnerable to cyberthreats if left unprotected,” Kaspersky Lab researchers said.

Fortunately, users can take some steps to stay from USB-related attacks. Researchers recommend that users invest in encrypted USB devices and also ensure that all the data stored in their devices is also encrypted. Users should also never let their devices out of their site and conduct regular and thorough security checkups of the data and the hardware.