Most of today’s malware gets distributed via phishing attacks. There are plenty of other methods that cybercriminals and state-sponsored hackers will utilize, though. USB drives are one way, and they’re particularly effective when a respected name in the computing business ships them. A name like IBM, for instance.
On IBM’s official support site, the company issued an alert to some of its customers this week. The reason: IBM had unwittingly shipped them USB flash drives that were infected with malware.
The drives contained software that was used to initialize enterprise-grade storage hardware sold under its Storwize brand. Drives that carried software for three different models were impacted, and IBM is recommending that customers either destroy the drives or securely wipe them so that they can be reused.
The situation is nowhere near as bad as it could have been. The malicious code isn’t actually executed during the initialization process on the Storwize devices the drives are meant for. IBM also notes that the Trojan is already identified by at least a dozen popular anti-malware applications (the VirusTotal service puts the number closer to 60).
While the real danger posed by these drives is minimal, the incident serves as an important reminder that digital threats can be lurking anywhere. In the case of the drives IBM shipped to its customers, it’s suspected that they became infected somewhere in the supply chain.
Supply chains have been a major security problem for years. In 2011, the Department of Homeland Security warned Congress about the presence of malware on imported electronics. A year earlier, buyers of some HP flash drives discovered they came pre-infected.
Last spring, the American Dental Association found itself tangled up in a USB drive incident very similar to this one. In March of this year, researchers at Check Point found more than three dozen Android devices that were infected fresh out of the box.
It’s worrying enough to think that you could unknowingly purchase an infected device at a big box store, but it’s much more alarming that state-sponsored groups are using this tactic to target the kinds of businesses and organizations that buy IBM Storwize devices.
I’ve reached out to IBM for any additional comments they have regarding the infected USB drives and will update this post with their response.
Source: SANS ISC SecNewsFeed @ May 3, 2017 at 02:54PM