Threat update

There have been increasing reports of threat actors leveraging a classic malware delivery method in recent months: USB attacks. Continue reading to learn how you can prevent these attacks and reduce risks for your customers. 

Technical Detail and Additional Info

What is the threat?​

 Major threat groups are relying on USB drives to deploy malware at organizations that are otherwise highly secured.

Why is it noteworthy?​

With the rise of new technologies such as AI and machine learning, cyberattacks are becoming more sophisticated and harder to defend every day. Organizations are having to adapt to more advanced threats and it can be easy to overlook some of the classic methods. However, just because USB drive attacks are not shiny and new doesn't lessen the potential impact. If the right protocols aren't in place, malware can easily spread as soon as a malicious USB drive is plugged in. 

What is the exposure or risk?

Many organizations, particularly those in the small business space, rely heavily on USB devices. They're small, inexpensive, and portable, which makes them popular for storing/transporting files from one device to another. It's these qualities that make them appealing to threat actors.

If malware from a USB device infects a machine on a network, it can easily spread to other computers. Any USB drives connected to infected computers can then be compromised, and the cycle continues.

What are the recommendations?​

LBT recommends the following actions to prevent attacks through removable media:

• Do not plug an unknown USB drive into your computer. If you happen to come across a USB drive, give it to the appropriate team (IT Department, Security Operations Center, etc.). Do not plug it into your computer to view the contents or to try to identify the owner.
• To eliminate the risk nearly entirely, lock down USB access for endpoints in your organization. This can be done through methods like Group Policy or Endpoint Protection Platforms.
• If an endpoint needs USB access, practice allow-listing specific devices rather than allowing all USB devices. Using endpoint protection software, enable the automatic scanning of external drives upon connection to ensure there are no malicious files present.

How can LBT assist?​

LBT's Managed Endpoint Security product blocks USB Mass Storage devices out-of-the-box. Integrated with SentinelOne, a next-generation endpoint security solution, we can eliminate the risk of USB drive attacks.

Need to allow flash drive usage for certain endpoints? No problem! Through self-service features on the our Dashboard, you can easily toggle USB Blocking on/off. The system automatically scans any allowed external devices for malicious files upon connection.

Want to block more than just Mass Storage devices? We can do that too! LBT actively enhances your cybersecurity posture and effectively mitigates risks 

References

For more in-depth information about the recommendations, please visit the following links:

• https://www.darkreading.com/ics-ot-security/weirdest-trend-cybersecurity-nation-states-usb
• https://www.cisa.gov/news-events/news/using-caution-usb-drives