USB-Based Malware Attacks on the Rise in India, Warns Kaspersky

As businesses continue to strengthen their online cybersecurity, a growing offline threat is drawing concern: malware attacks through USB drives and other removable media.

According to global cybersecurity firm Kaspersky, nearly 2 crore on-device malware attacks were detected and blocked in India in 2024 alone. These attacks, often spread through physical devices like USB drives and external hard disks, highlight the increasing risk of offline threats in business environments.

Unlike traditional cyberattacks that rely on internet access, these offline threats take advantage of the trust users place in physical devices. “Last year, our team uncovered a secure USB drive, designed by a government agency, that had been compromised. Its access management software was infected with malware meant to steal data from its secure partition,” said Jaydeep Singh, General Manager for India at Kaspersky. He added that the malware also acted as a USB worm, spreading to other connected drives and increasing the risk of wider infection.

Across the Southeast Asia region, Kaspersky reported that its security solutions blocked over 1.95 crore local threats from January to December 2024—a 12% increase compared to 1.75 crore attacks in 2023.

“Local threats, such as those delivered via USB drives, are among the most dangerous cybersecurity risks today. They bypass online defenses, exploit human error, and can spread rapidly within a network, leading to data breaches, business disruption, and financial losses,” Singh warned.

Kaspersky experts urge businesses to treat these offline attacks seriously and implement strong endpoint protection, strict device policies, and employee awareness programs to reduce risk.