BANGKOK: As businesses increasingly focus on securing their online networks, a lesser-known but equally dangerous threat is gaining traction: attacks via various “offline” methods, such as universal serial bus (USB) drives and removable media.

In 2024 alone, Kaspersky detected and prevented nearly 50 million on-device malware attacks targeting businesses in South-East Asia. This staggering figure underscored the urgent need for organisations to strengthen their defences against attacks originating from USB drives and removable media.

On-device threats spread by offline methods involve the use of physical devices such as USB drives, external hard drives or other removable media to deliver malicious software to a target system.

Unlike traditional cyberattacks that rely on Internet connectivity, these attacks exploit the trust users place in physical devices.

Towards the end of 2024, experts uncovered a concerning case where a secure USB drive, developed by a government entity in South-East Asia for securely storing and transferring files in sensitive environments, was compromised.

“Malicious code had been injected into its access management software, enabling it to steal confidential files from the drive’s secure partition. Additionally, the code acted as a USB worm, spreading the infection to other drives of the same type,” explained Yeo Siang Tiong, general manager for South-East Asia at Kaspersky. — The Nation/ANN