Skip to main content

Infected USB devices claim more victims every year

Published on: 12 Oct 2018

USB devices have become the preferred way for cyber attackers to spread crypto-mining malware after it emerged that one in ten USB infections is a crypto-miner.

The range and number of attacks remains relatively low, but the victim toll is rising year-on-year, according to Kaspersky Lab’s annual review of USB and removable media threats.

Despite their reputation for insecurity, USB devices remain popular trade show giveaways and business tools, making them an easy target for cyber criminals who use them to spread threats that have stayed remarkably consistent in recent years.

Windows LNK malware has been the number one threat affecting removable media for the past three years. Other prevalent threats include the 2010 ‘Stuxnet vulnerability’ exploit CVE-2018-2568 and, increasingly, crypto-miners.

Denis Parinov, an anti-malware researcher at Kaspersky Lab, said that USB devices have become less effective at spreading infection over time, but they remain a significant risk that users should not underestimate.

“The medium clearly works for attackers, because they continue to exploit it, and some infections go undetected for years,” he commented.

Mr Parinov added that some very easy measures can help organisations stay secure, such as managing the use of USB devices and educating employees on safe USB practices.

Photo: AntonioGuillem/iStock