‘The Weirdest Trend in Cybersecurity’: Nation-States Returning to USBs

March 7, 2024 at 04:26PM

Nation-state cyber threat groups are using USBs to infiltrate government and critical infrastructure. Check Point’s Maya Horowitz highlighted USBs as the primary infection vector for major threats, including China’s Camaro Dragon and Russia’s Gamaredon. Instances of USB attacks at a power company and a UK hospital underscore the danger. Organizations can protect against these threats by separating personal and work devices and implementing strict removable device policies.

From the meeting notes, the key takeaways are as follows:

– Nation-state cyber threat groups are increasingly using USBs to compromise sensitive government organizations and critical infrastructure facilities. Despite falling out of fashion and being impacted by COVID lockdowns, USBs have proven to be an effective way for high-level threat actors to bypass security.

– Major threat groups including China’s Camaro Dragon, Russia’s Gamaredon, and the threat actors behind Raspberry Robin have utilized USBs as their primary infection vector in 2023.

– The anecdote of an employee at a power company unknowingly receiving an infected USB in an Amazon package highlights the potential dangers of USB attacks.

– USBs provide a bridge across air gaps or unidirectional gateways in critical infrastructure networks, making them a significant threat.

– A specific incident at a UK hospital conference, where an infected USB was used, led to the spread of malware that opened a backdoor into each newly infected machine and propagated worm-like to further devices.

– Recommendations to protect against USB-borne threats include separating personal and work devices, implementing strict removable device policies, and increasing security layers, especially in critical infrastructure industries.

– Organizations are advised to be vigilant when receiving packages, particularly from online retailers, and to verify the source and contents before opening.
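One way to make the "strict removable device policy" recommendation concrete is to check device-connection events against an allow list of organisation-issued drives and flag anything else, including the same unapproved stick appearing on a second host (the worm-like spread described in the hospital incident). The following is an added example written for this summary, not code from Check Point or the article; the event fields are modelled loosely on Windows Security event 6416 (new external device recognised), but the log lines, host names, vendor IDs and serial numbers are all constructed for illustration.

```python
"""Removable-device policy check over constructed device-connection events.

Added example, not from the article. Only allow-listed USB storage devices may
connect; anything else is reported, and a device that turns up on more than one
host is reported again. Field names are modelled loosely on Windows Security
event 6416; the sample lines are constructed, not captured logs.
"""
import re
from dataclasses import dataclass

# Constructed sample events (hypothetical hosts, serials and vendor/product IDs).
SAMPLE_EVENTS = [
    "2024-03-07T09:12:01 host=HMI-01 event=6416 class=DiskDrive "
    "device_id=USBSTOR\\Disk&Ven_ACME&Prod_Secure&Rev_1.0\\SN-APPROVED-001 "
    "vendor_id=USB\\VID_1234&PID_5678",
    "2024-03-07T09:15:44 host=ENG-WS-07 event=6416 class=DiskDrive "
    "device_id=USBSTOR\\Disk&Ven_Generic&Prod_Flash&Rev_8.07\\SN-UNKNOWN-7F3 "
    "vendor_id=USB\\VID_ABCD&PID_0001",
    "2024-03-07T09:16:02 host=ENG-WS-07 event=6416 class=Keyboard "
    "device_id=USB\\VID_0000&PID_0000\\6&2A1B0C "
    "vendor_id=USB\\VID_0000&PID_0000",
    "2024-03-07T10:01:30 host=SCADA-SRV event=6416 class=DiskDrive "
    "device_id=USBSTOR\\Disk&Ven_Generic&Prod_Flash&Rev_8.07\\SN-UNKNOWN-7F3 "
    "vendor_id=USB\\VID_ABCD&PID_0001",
]

# Hypothetical allow list: serials of organisation-issued encrypted drives.
ALLOWED_SERIALS = {"SN-APPROVED-001"}
# Device classes treated as removable storage; keyboards, mice etc. are ignored.
STORAGE_CLASSES = {"DiskDrive", "WPD"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Violation:
    timestamp: str
    host: str
    serial: str
    reason: str


def parse_event(line):
    """Split 'timestamp key=value key=value ...' into a dict."""
    ts, rest = line.split(" ", 1)
    fields = dict(FIELD_RE.findall(rest))
    fields["timestamp"] = ts
    return fields


def device_serial(device_id):
    """The serial is the final backslash-separated component of the instance path."""
    return device_id.rsplit("\\", 1)[-1]


def find_policy_violations(lines, allowed_serials=ALLOWED_SERIALS):
    """Return Violation records for unapproved storage and for device hopping."""
    violations = []
    first_seen_on = {}  # serial -> first host it was plugged into
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") != "6416" or ev.get("class") not in STORAGE_CLASSES:
            continue  # non-storage peripherals are outside this policy
        serial = device_serial(ev["device_id"])
        host = ev["host"]
        if serial not in allowed_serials:
            violations.append(
                Violation(ev["timestamp"], host, serial, "unapproved removable storage")
            )
        first_host = first_seen_on.setdefault(serial, host)
        if first_host != host:
            # Same physical device moving between machines: the pattern a
            # USB-spreading worm leaves behind in an air-gapped network.
            violations.append(
                Violation(ev["timestamp"], host, serial,
                          f"same device previously seen on {first_host}")
            )
    return violations


if __name__ == "__main__":
    for v in find_policy_violations(SAMPLE_EVENTS):
        print(f"{v.timestamp} {v.host} {v.serial}: {v.reason}")
```

Run against the constructed events, the approved drive on HMI-01 passes, the keyboard is ignored, and the unknown drive is reported twice for being unapproved and a third time for reappearing on SCADA-SRV after ENG-WS-07. In a real deployment the allow list would come from the asset inventory and the events from the endpoint's security log forwarder rather than an inline list.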
