

In 2024 alone, Kaspersky detected and prevented nearly 50 million on-device malware attacks targeting businesses in Southeast Asia (SEA). This staggering figure underscores the urgent need for organisations to strengthen their defences against attacks originating from USB drives and removable media.
On-device threats spread by offline methods involve the use of physical devices, such as USB drives, external hard drives, or other removable media, to deliver malicious software to a target system. Unlike traditional cyberattacks that rely on internet connectivity, these attacks exploit the trust users place in physical devices.
"Towards the end of 2024, our experts uncovered a concerning case where a secure USB drive, developed by a government entity in Southeast Asia for securely storing and transferring files in sensitive environments, was compromised. Malicious code had been injected into its access management software, enabling it to steal confidential files from the drive's secure partition. Additionally, the code acted as a USB worm, spreading the infection to other drives of the same type, highlighting the sophisticated nature of this threat," explains Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Overall, Kaspersky solutions used by businesses in SEA blocked 49,234,759 local threats between January and December 2024. This marks a 15 per cent increase compared to the nearly 43 million offline attacks detected in 2023.
Singapore recorded the highest surge in offline attacks between 2023 and 2024 (88 per cent), followed by Malaysia (47 per cent), Việt Nam (25 per cent), Thailand (20 per cent), and the Philippines (16 per cent). Only Indonesia logged a slight drop in local threats, with a 3 per cent decrease year on year.
"We have real-life incidents of advanced cyberattacks utilising innocent-looking USBs and removable drives to infect an entire company. As offline malware attacks continue to evolve, businesses and organisations in SEA must remain vigilant and proactive in their cybersecurity efforts. By understanding the risks and implementing robust defences, organisations can protect themselves from this growing threat," adds Yeo.
To avoid falling victim to a targeted attack using offline methods, Kaspersky researchers recommend that individuals and organisations:
• Provide your SOC team with access to the latest threat intelligence (TI). Kaspersky Threat Intelligence is a single point of access for the company’s TI, providing it with cyberattack data and insights gathered by Kaspersky spanning over 20 years.
• Upskill your cybersecurity team to tackle the latest targeted threats with Kaspersky online training developed by GReAT experts.
• Implement a corporate-grade security solution that detects advanced threats at the network level at an early stage, such as the Kaspersky Anti Targeted Attack Platform.
• Use centralised and automated solutions such as Kaspersky Next XDR Expert to enable comprehensive protection of all your assets.
• Introduce security awareness training and teach practical skills to your team – for example, through the Kaspersky Automated Security Awareness Platform, as many targeted attacks start with phishing or other social engineering techniques.
• Update OS and software as soon as possible and do so regularly.