Malicious USBs are a security risk that can allow bad actors to obtain access to your network including obtaining passwords, accessing devices and causing damage to your computer.
It’s human nature to be curious and finding a misplaced USB drive is no exception – we want to find out what it contains. This curiosity is what attackers exploit, knowing that for most of us – curiosity gets the better of us even though we are opening ourselves and our networks up to significant risk. Plugging in unknown devices into your computer can be very dangerous as it is a very common way for attackers to infect computers with viruses and malware. They can cause damage within seconds. If you think this can’t happen to you, think again!
Malicious devices can be found on the street, in an office lobby, at the airport or anywhere you may be passing by. USB drives received as free promotional material at a conference, job fair or other event can be as much a risk as a USB found on the ground. These issues exist not only with a USB drive/ memory stick but also seemingly innocent looking cables. The popularity of these types of attacks continues to rise as more and more tutorials are being posted online making this a simple attack that can be carried out by nearly anyone.
How does a malicious USB attack work?
The attacker uploads malicious code to the USB device, which is executed when connected to a computer or when the user opens an infected file stored on the drive. If there is antivirus software installed on the device, the risk is significantly reduced (however there is still a risk present). The antivirus is able to detect the malicious behaviour and stop the attack before the network is compromised.
The second type of attack is for the hardware of the USB to be set to be perceived as a keyboard or webcam when it is connected. This makes it easier for an attacker to overcome internal security measures and infect the user’s computer with malware.
Most commonly a malicious device called a Rubber Ducky is used which appears to be a regular USB drive but actually mimics a keyboard. When the USB is plugged into a computer, it can “press” predetermined keys and execute malicious code.
What are the dangers of USB flash drives?
If a malicious USB device is plugged in to your computer, it can allow for stored passwords to be stolen, access to sensitive files or directly open a backdoor to gain control of a device. In rare cases, it can even damage the device so badly that it can no longer be used.
This type of attack is extremely effective in allowing attackers to bypass some corporate security measures. The only action they need to take to start the attack is waiting for an unsuspecting employee to voluntarily plug the device in to their work computer.
How to protect yourself from malicious USB devices
Beware of unauthenticated devices. Only connect your own USB devices to your computer, where you know where the device has been and the contents. Do not plug a drive into your computer that you found somewhere or unsure who it belongs to.
Unplug USB devices automatically. You can specify in your computer’s settings which devices can connect to it automatically. We recommend that you disable this option for all devices. This will prevent connected USB devices from automatically running programs.
Don’t run or install anything from someone else’s USB. The same advice applies to any file you find on someone else’s USB as it does to file you find on the internet – be careful not to run or install programs with unknown origins.
Use antivirus – you can prevent some attacks from a malicious USB if you protect your computer with a robust antivirus.
Train your staff – provide comprehensive security awareness training to your staff to be aware of the risks associated with using their devices and what actions may increase risk. The human component is often the weakest link in a network’s security so the more informed they are – the most secure your network.