Check Point notes a significant trend in the use of USB sticks as a vector for spreading malware, already documented in the mid-year report.
One of the oldest known attack vectors, the thumb drive USB, is currently a significant conduit for contemporary malicious cyber operations. Attackers once again see USB drives as the best way to infect isolated, segmented, or highly secured networks. Already in 2022, for example, the FBI raised an alert about a campaign targeting US defense companies, in which attackers sent USB drives loaded with malicious payloads.
Unfortunately, what we predicted came true. Looking at the chain of events identified by the Yoroi researchers, there are unfortunately no surprises. The full report of ZLab Of Yoroi on “Vetta Loader” detected a persistent threat affecting Italian companies in various industrial sectors via infected USB drives. This is a new family of malware that loads other final payloads written in different programming languages, including NodeJS, Python, .NET and Golang.
Infected USB sticks
Check Point assigns malware samples to families and is then able to apply security countermeasures to new samples based on the family’s characteristics. Thanks to this working method, which uses automatic learning technology (AI – Machine Learning – data driven), we are able to prevent new variants of malware.
In the example of the malware identified by Yoroi, one of the components documented in their relationship with the hash “e78f9fc1df1295c561b610de97b945ff1a94c6940b59cdd3fcb605b9b1a65a0d” is known and seen by Check Point Threat Intelligence. In the example screen below you can see that according to Virus Total (as of 11-Dec-2023 at 18:50) only 38 of the 72 antivirus engines used by Virus Total were able to identify this malware.
We can deduce that preventing malware is not trivial even in 2023.