Threat to USB Drives

Published On: January 19th, 2022Categories: Business Software, Business Technology, Cyber Security, Tech Case Studies, Tech Trends

By: Eric Vicencio

If you have attended one of the Eder Casella Technology Tech Talks, you may have heard us talk about how USB drives are often forgotten when identifying cyber threats to organizations. But they are a significant threat to your data. However, this threat has quickly moved into the spotlight. At the end of last year, threat actors have started sending USB drives to unsuspecting US-based companies. And the threat is continuing today.

So what is the threat?
The goal of these USB drives is to have employees plug them into their computers. Once plugged into your device, the attack is initiated, and ransomware is now spread to the now infected computer.

How are the USB drives getting into the companies?
According to the FBI, the most recent threats have arrived to companies in one of two ways. One way is Amazon packages being sent to companies containing the infected USB drives. The other is packages arriving via US Mail that appear to be from the Department of Health Services with COVID-19 guidelines. Both modes of delivery can be seen as totally normal to unsuspecting employees.

What should you do?
Eder Casella Technology’s approach to handling these USB drives is the same as any USB drive; if it does not belong to you, do not plug it into your device. When in doubt, bring any USB drive to your IT Specialist for inspection.

As always, we are here to help. Please do not hesitate to reach out to the Eder Casella Technology Help Desk for assistance.

About the Author: Eric Vicencio

Eric began his career in healthcare, and he has been working in the IT field since 2006 when he graduated from Northern Illinois University. Eric specializes in Infrastructure, SQL and compliance: Licensing, HIPAA, GLBA and PCI.