Schneider Electric recently issued a consumer warning that it mistakenly shipped USB drives to its customers that were infected with malware. Schneider Electric stated in its alert that “Schneider Electric has determine that some USB removable media shipped with [two products] were contaminated with malware during manufacturing by one of our suppliers.”
According to the overview of the Security Notification issued by Schneider Electric, “Schneider Electric is aware that USB removable media shipped with the Conext Combox and Conext Battery Monitor products may have been exposed to malware during manufacturing at a third-party supplier’s facility.” The product identification for the Conext Combox is sku 865-1058 (all versions) and Conext Battery Monitor sku 865-1080-01 (all versions).
The alert recommends that the USB drives not be used, and further that “users are strongly encouraged to securely discard any USB removable media provided with these products….Users who believe they may have used one of the potentially-affected USB removable media are encouraged to perform a full scsan of their system to check for and clean any identified malicious software using any standard anti-malware application program. Users are also encouraged to maintain good end point protection including active malware detection and remediation as part of their cybersecurity maintenance program.”
USB and flash drives continue to pose risk to organizations, and this warning reiterates the importance of assessing the risk of the use of any USB and/or flash drives and testing any removable media before it is introduced into an organization’s system.