Criminals push malware by 'losing' USB sticks in parking lots

Summary:Here's a case of corporate espionage you've probably never heard before: infiltrating a corporation by "losing" malware-infected USB sticks in the company's parking lot. Thankfully for this multinational chemicals firm, the attempt failed miserably.

Criminals push malware by 'losing' USB sticks in parking lots

Cybercriminals recently attempted to infiltrate DSM, a multinational chemicals firm, by 'losing' malware-infected USB sticks in the company's parking lots. Thankfully for DSM, an employee who found one of the USB sticks dropped it off at the IT department, which in turn found spyware on the device, issued a warning, and collected the remaining USB devices.

Unfortunately, details on this story are scarce. For example, it's unclear what malware was used in the attack. All we know is that its purpose was to steal usernames and passwords, according to Dutch news site Limburger. DSM also blocked the IP addresses which the malware communicates with and sends stolen data to.

A DSM spokesperson said the company did not report the incident to the police because it was a rather clumsy attempt at data theft. Furthermore, the corporate espionage effort did not result in any damage.

This is a failed case of curiosity killed the cat. The perpetrators were clearly hoping that employees would plug in a found USB device to see what was on it. By that point, it would already be game over.

Frankly I think this is an ingenious way to infiltrate a company and something tells me it's not the first time it has been attempted. From what I gather, it's simply the first time that the method was discovered and easily thwarted.

It's hard to say if the employee in question let the IT department check the USB device because he or she was being cautious, or just wasn't curious. I know I would check the device myself without hesitation, though I would probably use my own computer, not one from work. Actually, that would probably depend on the time I found it: it would make sense for the criminals to "lose" the devices in the morning as opposed to the evening. Anyway, I'll definitely think twice when finding a USB device now, and so should you.

See also:

Topics: Security, IT Priorities, Malware, Tech Industry

About

Emil is a freelance journalist writing for CNET and ZDNet. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.