Report: 9% of security incidents caused by USBs and other removable media

Join online with today’s leading executives at the Data Summit on March 9th. Register here.


A new report from Expel found that attackers continue to recycle old tricks – this time, a removable media / USB stick attempt. During January 2022, the report found that removable media accounted for 9% of all incidents. It increased to 20% for events where the initial infection vector eliminates physical endpoints (in other words, eliminates events associated with the cloud-based service).

Because this threat may not be the top of the mind for many, it is a good reminder that the old tricks are still in play. A 2016 study, which looked at what people would do with a USB stick found in a parking lot, found that about 50% of people would plug an unknown USB into their computer. While human curiosity is so high in 2022, one can only hope that with more people working from home, employees are less likely to find and plug USB from the office parking lot.

While security awareness training has focused on unfamiliar USB devices for years, and some organizations require approval per device before connecting to company-owned assets, trusted USB devices remain a risk to businesses.

Twelve graphs from Excel.  Top attack vectors for January 2022: phishing at 49%, removable media at 9%, valid credentials at 9% and web delivery at 4%.

Trusted USB devices can be infected with malware variants that seek to infect and further spread external storage devices connected to the victim host. This risk is much higher when endpoint users can transfer USB devices from personal devices to business assets.

During January 2022, Xperia saw an attempt to spread the AsyncRat, Valyrian, Gamarue, Agent Tesla and Forbix malware families via USB devices. Additional common malicious worms were also found, including deployed as a hidden VBScript script file on the device.

These malware variants would probably have attempted to infect any other external USB storage devices connected to these systems if they had received the initial infection without detection.

With the rise of past trials and true methods, it is a reminder that users and organizations cannot forget time-tested attack methods while guarding against new trends.

The insights for this report were determined by analyzing data from all Expell customer events from January 1-31, 2022.

Read the full report of Excel.

Venturebeat’s mission Transformative Enterprise is about to become a digital town square for technology decision makers to gain knowledge about technology and transactions. Learn more

Similar Posts

Leave a Reply

Your email address will not be published.