Page 162 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
P. 162
What Makes A USB Bad - And How Should
Organizations Resolve This Risk?
When ransomware can attack organizations via USB drives and cables, best practice backup
and security becomes even more critical
By Jon Fielding, Managing Director, EMEA Apricorn
Earlier this year, the FBI uncovered that a cybercrime group had been mailing out USB sticks in the hope
that recipients would plug them into their PCs which would then install ransomware on their networks.
UK businesses should be taking note of the trend for cyber criminals to adopt such strategies - which,
more often than not, can prove effective and even damaging for organizations.
In particular, ransomware attacks have resulted in record financial payouts to criminals in 2021, just to
ensure business continuity. The 2022 Unit 42 Ransomware Threat Report found that the average
ransomware payment rose 78% last year to $541,010 (£414,193). Ransom demands soared by 144% to
reach an eye-watering average of $2.2m (£1.7m)
Criminals will try any and every avenue to get inside access to an organisation – either physically or
virtually. Ransomware-by-thumb-drive is just a new avenue that builds on the old badUSB exploit, dating
back to 2006 - when an auto-run vulnerability was discovered that automatically executed malicious
payloads when an 'infected' device was loaded.
162