We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


A new report from Expel found that that attackers continue to recycle old tricks — this time, the removable media and USB stick effort. During January 2022, the report discovered that removable media were responsible for 9% of all incidents responded to. That increased to 20% for incidents where the initial infection vector involved a physical endpoint (in other words, removing incidents involving a cloud-based service).

Since this threat may not be top of mind for many, it’s a good reminder that old tactics are still in play. A 2016 study, which examined what people would do with a USB found in a parking lot, showed that nearly 50% of people would plug an unknown USB into their computer. While human curiosity is likely just as high in 2022, one can hope that with more people working from home, employees are less likely to find and plug in a USB from the office parking lot.

While security awareness training has focused on unknown USB devices for years, and some organizations require approval per-device before connecting them to a company-owned asset, trusted USB devices remain a threat for businesses.

Bar graph from Expel. Top attack vectors for January 2022: phishing at 49%, removable media at 9%, valid credentials at 9%, and web delivery at 4%.

Trusted USB devices can be infected with malware variants that search for external storage devices connected to a victim host to infect them and spread further. This risk is much greater when endpoint users can transfer USB devices from personal devices to business assets.

During January 2022, Expel saw AsyncRat, Valyrian, Gamarue, Agent Tesla and Forbix malware families attempt to spread through USB devices. Additional generic malicious worms were also observed, including one deployed as a hidden VBScript script file on the device.

These malware variants likely would have attempted to infect any other external USB storage devices attached to these systems had they achieved initial infection without detection.

With tried and true methods of the past making a surge, it’s a reminder that users and organizations can’t forget time-tested attack methods while protecting against new trends. 

The insights for this report were determined by analyzing data from all Expel customer incidents from January 1-31, 2022.

Read the full report from Expel.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Author
Topics