So ironic. You work hard to win a cybersecurity award, and what do you get? A USB drive stuffed with creepy-crawly nasty, that’s what.
The Taiwanese government last month celebrated its crackdown on cyber crime. The national police – the Criminal Investigation Bureau (CBI) – picked up 250 blank USB drives, each with an 8G capacity, to give out as prizes at the data security expo, hosted by the Presidential Office on 11-15 December.
According to the Taipei Times, an employee at a New Taipei City-based contractor, Shawo Hwa Industries Co., first tested the drives by plopping an operating system on them and testing their storage capacity… from his infected workstation.
Oops, the CBI said after investigating the infection, which wound up on 54 of the drives that were handed out to winners of a quiz about cybersecurity knowledge. “Winners of a quiz about cybersecurity knowledge,” as in, “people who hopefully know enough not to plug in random USB drives conveniently scattered throughout the parking lot, but not necessarily those handed over on a silver platter at a security expo.”
According to the CBI, the 54 drives picked up an executable malware file that goes by the name of XtbSeDuA.exe. The CBI said that the malware was designed, years ago, to suck up personal data and transmit it to a Poland-based IP address that would then bounce the information to unidentified servers.
Back in 2015, the malware was being used by an electronic fraud ring uncovered by Europol, according to the CBI, though I couldn’t find any record of malware with that name.
At any rate, the CBI reportedly said that only older, 32-bit computers are susceptible to the malware and that common anti-virus software can successfully detect and quarantine it. Although some of the thumb drives – they were sourced from multiple vendors – were made in China, the CBI ruled out Chinese espionage.
The malware-as-a-party-favor came to light after expo participants complained that their anti-virus programs had flagged the drives as containing malware. The CBI retrieved 20 of the drives, leaving 34 of the drives wandering around in the wild.
The CBI said that the server set up to receive data from the malware has been shut down.
An anonymous source told the Taipei Times that the Presidential Office was not particularly pleased that one of its events – an event to celebrate its cyber security work, mind you – had been compromised.
In fact, in spite of the CBI’s investigation showing that the malware came from a government contractor’s employee working on that contractor’s computer, the office has demanded that the bureau launch another probe.
Source: Naked Security