Cyber security quiz winners awarded malware-laden USB sticks in Taiwan

Cyber security quiz winners awarded malware-laden USB sticks in Taiwan

Cyber security quiz winners awarded malware-laden USB sticks in Taiwan

As many as 54 USB sticks awarded to cyber security quiz winners by the Taiwanese government were found to contain a malware used to steal personal data from computers.

Taiwan’s national police agency said that the malware was injected into 54 USB sticks by an employee who merely wanted to test their storage capacity.

The affected USB sticks were among 250 such sticks awarded by the government to cyber security quiz winners who participated in a programme hosted to highlight the government’s cyber security initiatives.

Following the discovery that 54 USB sticks awarded to participants were laden with malware, the Taiwanese national police agency apologised for the error and said that the malware was injected to affected devices by an employee who merely wanted to test their storage capacity.

The government is now contacting the participants in order to recover compromised USB sticks and has so far been able to recover 20 of them. The malware in question is known as XtbSeDuA.exe and was used by cyber criminals in 2015 to steal personal data from 32-bit computers and to transfer such data to an IP address located in Poland.

In the same year, Europol managed to bust criminals behind the operation and systems belonging to the hackers were confiscated. As such, the malware is no longer in use and is not powerful enough to infect 64-bit computers or to evade modern anti-malware software.

‘How ironic that successful respondents to a cybersecurity quiz are rewarded with malware by the hosting organisation. This brings the need to secure the supply chain as part of a cyber security strategy into sharp focus,’ says Jon Fielding, Managing Director for EMEA at Apricorn.

‘Not only that, but specifically for USB connected computer peripherals such as the devices here, organisations must ensure those devices are also securely coded and can’t be corrupted or have their firmware altered to launch cyberattacks, whether it be deliberate or not,’ he adds.

A number of security researchers have, over the years, alleged that various forms of computing hardware have been injected with malware by Chinese manufacturers to track individual users and to collect their personal data.

Recently, a leaked memo from the Los Angeles office of the Immigration and Customs Enforcement bureau revealed that Chinese drone manufacturer DJI, a leading manufacturer and seller of private drones in the UK and the United States, was ‘providing US critical infrastructure and law enforcement data to the Chinese government’.

It added that DJI drones were also used to monitor “proprietary and sensitive critical infrastructure data, such as detailed imagery of power control panels, security measures for critical infrastructure sites, or materials used in bridge construction”. Once such data was collected, it was uploaded to a cloud server to which the Chinese government most likely had access.

Even though the USB sticks were manufactured in China, they were infected with malware by an employee of the Taiwanese government, thereby indicating that cyber espionage was not in play in this case. However, like Fielding says, buyers and cyber security agencies must ensure that devices imported from other countries do not contain corruptible software or feature firmware that can be remotely altered.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]