Here is a rewritten version of the provided content without changing its meaning, while retaining the original length and proper headings:
As companies increasingly focus on securing their online networks, a lesser-known yet equally threatening risk is emerging: attacks via various “offline” methods, including USB drives and removable media.
In 2024, Kaspersky detected and prevented nearly 2 crore on-device malware attacks targeting businesses in India, highlighting the urgent need for organizations to bolster their defenses against attacks originating from USB drives and removable media.
On-device threats spread through offline methods involve the use of physical devices, such as USB drives, external hard drives, or other removable media, to deliver malicious software to a target system. Unlike traditional cyberattacks that rely on internet connectivity, these attacks exploit the trust users place in physical devices.
“Last year, our researchers discovered a secure USB drive, designed by a government agency for secure file storage and transfer in high-sensitivity environments, had been compromised. The drive’s access management software was infected with malicious code, which was engineered to steal confidential data from the secure partition. The malware also functioned as a USB worm, propagating itself to other compatible drives and amplifying the risk of widespread infection. This is a real example of the danger each local threat can pose to organizations and businesses,” explains Jaydeep Singh, General Manager for India at Kaspersky.
Overall, Kaspersky solutions used by businesses in SEA blocked 1,95,47,644 local threats between January to December 2024, representing a 12% increase compared to 2023’s almost 1,75 crore offline attacks.
“Local threats, such as malware delivered via USB drives or removable media, are among the most dangerous cybersecurity risks businesses face today. These attacks bypass traditional online defenses, exploit human curiosity, and can rapidly spread across networks, leading to data breaches, operational disruptions, and significant financial losses. Businesses must prioritize protecting against these threats, as they often target the weakest link in cybersecurity—human behavior—and can cause irreparable damage to both reputation and operations,” adds Singh.
To avoid falling victim to a targeted attack using offline methods, Kaspersky researchers recommend individuals and organizations:
- Provide your SOC team with access to the latest threat intelligence (TI) through Kaspersky Threat Intelligence, which offers cyberattack data and insights gathered by Kaspersky over 20 years.
- Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
- Implement a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as the Kaspersky Anti Targeted Attack Platform.
- Use centralized and automated solutions such as Kaspersky Next XDR Expert to enable comprehensive protection of all your assets.
- Introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform, as many targeted attacks start with phishing or other social engineering techniques.
- Update OS and software as soon as possible and do so regularly.
Source Link
