USB drive malware is on the rise, so watch out

Despite an increase in cloud adoption, physical storage drives are once again responsible for hosting malware, new resarch has claimed.

Cybersecurity experts at Mandiant recorded a spike in USB-based incidents during the first half of 2023, with a threefold increase in the number of attacks using USB drives to steal secrets.

Previously, Mandiant had recorded somewhat isolated attacks concentrated on the Philippines, but attacks now look to be spreading globally.

USB malware attacks on the rise

For many, USB drives have had their day. In years gone by, as their popularity soared, cybercriminals capitalized on security weaknesses to spread malware through external drives. Today, attackers have had to become more sophisticated, but it looks like some are reverting to the good old USB drive.

The SNOWYDRIVE malware is one such modern-day example, which gives attackers the ability to remotely issue system commands via a backdoor on the host system. Attributable to UNC4698, the campaign looks to be targeting the oil and gas industries in Asia.

The second, which Mandiant describes as “the most prevalent USB-based cyber espionage attack using USB flash drives,” looks to be targeting both the public and private sectors. Deploying SOGU malware, the attacker seeks to steal sensitive information across the construction, engineering, business services, government, health, transportation, and retail industries in Europe, Asia, and the United States. Analysts have attributed this attack to TEMP.Hex, a China-linked cyber espionage actor.

With attentions turning away from USB-based attacks in favor of protecting victims from more sophisticated attacks, turning back to spreading malware via USB drives could prove fruitful for attackers who are currently great success bypassing many security measures.