Cyber Attacks on the Rise: Infected USB Drives as Access Vectors
In the first half of 2023, cyber attacks using infected USB drives have seen a significant increase, tripling in volume. Mandiant, a cybersecurity company, released a report detailing two major campaigns, named SOGU and SNOWYDRIVE. These campaigns targeted public and private sector organizations globally.
Increasing Threat: SOGU and SNOWYDRIVE Campaigns
Mandiant’s report highlighted two major campaigns. The first, SOGU, is the most prevalent form of USB-based cyber espionage attack. This campaign leverages infected USB flash drives to gain unauthorized access to systems. The second campaign, SNOWYDRIVE, also utilizes infected USB drives as a means of entry.
Targets and Reach
Both SOGU and SNOWYDRIVE campaigns targeted a wide range of organizations across the world, including both public and private sector entities. This indicates that no organization is immune to this type of attack, regardless of its industry or size.
The Dangers of Infected USB Drives
Infected USB drives pose a significant threat to organizations’ cybersecurity. When inserted into a system, these drives can deliver malware or gain access to sensitive data. This allows attackers to execute various malicious activities, including unauthorized access, data theft, or even system-wide compromise.
Prevention and Mitigation Measures
Defending against USB-based cyber attacks requires a multi-layered approach. Here are some recommended measures:
- Implementing strict access controls and user training to discourage the use of unknown USB drives.
- Enforcing the use of encrypted USB drives and regularly scanning them for malware.
- Installing robust antivirus software and keeping it updated to identify and block malicious files.
- Regularly patching and updating operating systems and applications to address vulnerabilities.
Cyber attacks utilizing infected USB drives as an initial access vector have experienced a significant increase in the first half of 2023. The SOGU and SNOWYDRIVE campaigns have targeted a wide range of organizations across the globe. To protect against these attacks, organizations must implement preventive measures, such as user training, access controls, encrypted USB drives, antivirus software, and regular system updates. By being proactive, organizations can mitigate the risks associated with USB-based cyber attacks and safeguard their sensitive data.
Original Article: https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html