Cybersecurity quiz winners rewarded with malware-infected USB sticks
Adsero Security is dedicated to maintaining a culture of integrity, honesty, fairness, trust, creative solutions and customer satisfaction 24/7. We’ll get it done for you, get it done right, and follow up to make sure your IT security is beyond state of the art. Malware-infected USB sticks? That would never happen in our organization. Read on to find out how it happened to these other people.
On countless occasions we’ve seen businesses embarrassed as they hand out thumb drives which are not only stuffed to the brim with marketing material, but are also unwittingly hiding malware.
And yet, companies continue to put the public at risk by giving away cheap USB sticks at trade shows, with often little consideration as to what may also be lurking on the device.
In perhaps the most ironic example of “Danger USB!” yet, we hear that Taiwan’s cybercrime-fighting investigators recently handed out malware-infected USB sticks to… winners of a cybersecurity quiz.
Taiwan’s Criminal Investigation Bureau has apologized after handing out 54 infected flash drives at a data security expo hosted by the government from 11-15 December. An event which had the noble aim of raising awareness of cybercrime. Ho hum!
As local media reports, distribution of the 8GB devices was halted on the afternoon of 12 December after early winners of the quiz warned that their anti-virus software had warned them that the drives contained malware.
The Windows-based malware was designed to steal personal information from infected PCs and send it via an IP address based in Poland to parties unknown.
However, it seems unlikely that Taiwan’s computer crime-busting cops, or the event itself, were deliberately targeted by hackers. Instead, as is often the case, there is a more down-to-earth explanation for what happened – and why only 54 of the 250 giveaway USB drives are believed to contain the malware.
According to the Criminal Investigation Bureau, the infections have been traced back to a single PC at an external contractor. It seems that a random sample of the USB drives were plugged into the infected PC in order to test their storage capacity, and the malware was unwittingly transmitted to 54 of them at that time.
It’s the kind of security goof that is all-too-familiar. Readers with long memories may recall that, in 2010, IBM handed out USB sticks at the AusCERT security conference infected by not one… but two pieces of malware.