Cyber Crime Cases: Infected USB Drives Distributed at Data Security Event
During a recent data security expo hosted by Taiwan’s Presidential Office, 54 malware-infested thumb drives were handed out to the public by the Criminal Investigation Bureau. These infected USB sticks were among the 250 drives the bureau gave to winners of a game about cybersecurity knowledge at their exhibit.
How Did This Happen?
The malware program installed on the thumb drives has the file name XtbSeDuA.exe. It was designed to collect personal data and transmit it to a Poland-based IP address that then bounces the information to servers linked to an electronic fraud ring uncovered by Europol in 2015. Fortunately, only older 32-bit computers are susceptible to the malware, and most anti-virus software can successfully detect and quarantine it.
The 8 GB thumb drives were originally purchased from contractors, some manufactured in China, but the bureau has ruled out espionage after determining that the malware originated from an infected workstation at the New Taipei City-based company Shawo Hwa Industries. An employee at the company used the infected computer to transfer an operating system to the drives for testing storage capacity, allowing the malware to be transmitted to 54 units.
Random sampling of the thumb drives, which were sourced from various contractors, failed to discover the malware. Distribution was halted on the afternoon of December 12th after members of the public complained that drives had been flagged by their anti-virus programs; 20 drives have been recovered, while 34 remain in the wild. The server receiving the data from the malware has also been shut down after the bureau took measures to address the issue.
The dangers of USB drives are a growing concern, especially when the drives are handed out by seemingly trusted parties. Regrettably, there are only a few ways to safely see the contents of a USB drive without plugging it in. For larger organizations, managing the actions of every user connected to your network can be next to impossible. That’s why partnering with a trusted managed service provider makes sense. We can help mitigate risk and implement network security plans to minimize the effects of an attack. To learn more, contact us today.