USB hack attacks: Philippines ranks 3rd in SEA

MANILA, Philippines — Global cybersecurity company Kaspersky has called on Filipinos to be cautious in plugging in memory storage universal serial bus (USB) devices to their computers unless these have been scanned, following the release of data that 36.80 percent of users in the Philippines were attacked by local threats from such devices last year.

Local threats are malware spread through removable media such as flash drives, even CDs and DVDs and other offline methods.

??Worms and file viruses account for the majority of incidents, according to the data.

At 36.80 percent, the Philippines ranked third in Southeast Asia with the most number of users attacked by local threats, trailing behind Vietnam (53.30 percent) and Indonesia (41.10 percent), according to the Kaspersky Security Network (KSN).

Siang Tiong Yeo, Kaspersky general manager for Southeast Asia, said that while thumb drives have emerged as handy and even stylish storage devices for precious data for people in this era of computers and the internet, there is a need to be mindful of the need for data security in plugging these devices to personal computers where other personal and private data are stored.

“Thumb drives are so nifty. Over time, it has become smaller in size, yet its capacity has tremendously increased that we can now store large files like videos and multiple copies of them on a single drive. They can even last up to 10 years or more now, so quality has also evolved drastically. There’s no doubt that even with cloud storage now available, I think USBs are going to stick around for a long time,” Yeo said.

“But USBs are a boon to everyone who uses them, cyber criminals included, and a bane for those unaware that such offline hardware could cause a catastrophe. We need to understand that cyber attacks don’t come solely from the internet. Attackers are finding ways to get to your devices, like with the use of these seemingly plain removable media, which we could prevent with proper USB hygiene,” he added.

KSN is a complex distributed infrastructure dedicated to processing cybersecurity-related data streams from millions of voluntary participants around the world.

KSN data is collected from Kaspersky customers who have installed the company’s cybersecurity software on their computers and voluntarily shared information with the firm.

Globally, the Philippines placed 76th in Kaspersky’s KSN report last year. It was 72nd in 2022 and 70th in 2021.

Since 2019, the country’s overall percentage of Kaspersky users attacked by local threats ranged from 42 percent to 51 percent.

Throughout last year, Kaspersky solutions detected and blocked a total of 22,731,157 local threats.

The top ten most attacked countries in 2023 are from Central Asia, Africa and South Asia.

Secure USB drive manufacturers are following the FIPS 140 certification standard that involves a cryptographic security disclosure and validation process, but some encrypted USB drives pass certification and are still vulnerable to attacks, sometimes even the easy ones, according to Kaspersky.

The danger levels of USBs are currently classified into three categories: serendipitous, which means this is open to an opportunistic attacker with minimal resources; professional, which means it is available to attackers with resources, albeit limited ones; and state-sponsored, which requires attackers with plenty of resources. — Mark Ernest Villeza