Global cybersecurity company Kaspersky is urging Filipinos to be wary of careless plugging of USBs to their computers unless they have been scanned following the release of data that 36.80% of users in the Philippines were attacked by local threats from January to December 2023.
Local threats are malware spread through removable media such as flash drives, even CDs and DVDs and other “offline” methods. Worms and file viruses account for the majority of incidents.
The Philippines ranks third in Southeast Asia with the most number of users attacked by local threats, according to the Kaspersky Security Network (KSN). The country trails behind Vietnam (53.30%) and Indonesia (41.10%).
KSN is a complex distributed infrastructure dedicated to processing cybersecurity-related data streams from millions of voluntary participants around the world. KSN data is collected from Kaspersky customers here who have installed the company’s cybersecurity software on their computers and voluntarily shared information with the firm.
Globally, the Philippines placed 76th in Kaspersky’s KSN report in 2023. It was 72nd in 2022 and 70th in 2021. Since 2019, the country’s overall percentage of Kaspersky users attacked by local threats ranged from 42% to 51%. Throughout 2023, Kaspersky solutions detected and blocked a total of 22,731,157 local threats.
The top ten most attacked countries in 2023 are from Central Asia, Africa, and South Asia.
“Thumb drives are so nifty! Over time, it has become smaller in size, yet its capacity has tremendously increased that we can now store large files like videos and multiple copies of them on a single drive. They can even last up to 10 years or more now, so quality has also evolved drastically. There’s no doubt that even with cloud storage now available, I think USBs are going to stick around for a long time,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
“But USBs are a boon to everyone who uses them, cybercriminals included, and a bane for those unaware that such offline hardware could cause a catastrophe. We need to understand that cyberattacks don’t come solely from the internet. Attackers are finding ways to get to your devices, like with the use of these seemingly plain removable media, which we could prevent with proper USB hygiene,” added Yeo.
According to Kaspersky, secure USB drive manufacturers are following the FIPS 140 certification standard that involves a cryptographic security disclosure and validation process. But some encrypted USB drives pass certification and are still vulnerable to attacks—sometimes even the easy ones.
The danger levels of USBs are currently classified in three (3) categories:
-
Serendipitous: Open to an opportunistic attacker with minimal resources—basically, at this level you find a person who may have found or stolen a drive and is eager to get their hands on the information it possibly contains.
-
Professional: Available to attackers with resources, albeit limited ones. Mostly, attackers at this level are interested in gathering large amounts of information; and
-
State-sponsored: Requires attackers with plenty of resources. Usually, attackers are after specific data, and keys that are worth a large investment.
Below are some helpful tips from Kaspersky experts to keep your USB sticks clean and your computers, safe:
-
Configure your OS to avoid running anything from USBs.
If an attacker leaves an infected USB card in your office and you pick one up and plug into your computer, you need to make sure your antivirus software is set up to prevent the opening and running of any infected files. If you’re using Kaspersky Premium, the software will perform an auto-scan of your USB stick the moment you plug it in. After scanning, it will give you the option to repair or it will alert you if a threat is detected.
-
Update your OS.
When your OS offers you a patch update, download it. Patches are released to improve upon imperfections and vulnerabilities within your software and neglecting to keep up with the latest versions could make you susceptible to viruses. In the case of USB malware, make sure your OS is patched against AutoRun exploits so again, your system is not automatically running anything from your removable devices.
-
Don’t copy executable files.
Executable files can cause your computer to perform tasks that have been assigned by encoded instructions. You can imagine the danger of copying this type of file from an unknown source so it’s best to avoid doing so altogether. We recommend downloading all software directly from official, trusted sites only.
-
Keep your drives separate.
On top of making sure you’re only using USB drives given to you by trusted sources, you should also make sure that you aren’t using them to mix business with pleasure. It’s safest to keep your work and personal information separate from one another, especially if your USB sticks are being used by multiple people in your home or office.