By Eddy Berry, Security Research Analyst, TraceSecurity
Cybersecurity attacks primarily happen over the Internet, whether the victim is connected to it through a PC, mobile phone, or laptop. However, bad actors also have ways of socially engineering people through physical means. While not used a lot anymore, there are occasional incidents where these attackers will use USB drives to get into a network.
These flash storage drives can be more dangerous than many other methods, considering a script or program can be run immediately upon being connected to a device. Simply plugging it in can cause a malicious bit of code to run through a PC, connecting the bad actor to the network or device. This is why you should never pick up random USB drives from the ground.
A USB drive, or Universal Serial Bus drive, is a memory storage device that can hold data like files, programs, media, and more. It is also known as a “flash drive.” This extends to malicious programs as well, like viruses and malware. Anytime a USB drive is connected to a device, it will immediately begin to read and give access to the drive since the system believes this is a trusted device.
This is where the bad actor attacks. The drive may sometimes have a boot file on it, which can trigger immediately when the USB is connected to the device. It will usually run whatever program is connected to the boot file, and by that point, it can be difficult to stop it without the assistance of an IT professional.
The most common way that a hacker can use a USB drive is by doing a “USB drop.” They will load USB drives with malicious code and drop them around a targeted area like a bank parking lot or near an employee-only area of a business. These USBs will be labeled with enticing things like “payroll” or something involving financial information.
As said above, the bad actor has the attack loaded and waiting in the USB drive. Once it’s connected, it can instantly run the malicious code or program on the PC. It is possible that the network’s defenses will block the script from running, but it’s not always going to be able to stop it. There are some additional protections that can be added, but no method is infallible.
First and foremost, under no circumstances should anyone plug any unknown device into their PC or laptop. This will protect your device, network, and your business. If someone finds a USB drive on the ground, they may assume that it’s lost and will try to find ways of returning it to its owner. This is usually why people might connect it to a device to begin with.
Bad actors love to prey on good people who just want to help others. They may appear distressed or something may seem lost, but they are simply waiting for you to give them what they want. Someone may connect a “lost” USB drive to a PC or laptop in order to find out who it belongs to – by then, it may be too late, even if you use your virus scanner.
Even though USB drives are slowly becoming an outdated form of storage, people still use them for various things. Whenever these USB drives are found on the ground, it’s highly likely that someone will pick one up and plug it into a device, even if it’s just to find the owner. Regardless of your intention, it’s never a good idea to plug a USB drive or any unknown device into your computer or phone.
These USB drops can also be part of security awareness training. Within a controlled environment, a business can find out who might try to use these USB drives and can tell when people plug them into a computer. Employees who may try to do this can be trained on not only USB drops, but phishing and other social engineering methods as well.
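One way a business could tell when a drive has been plugged in, shown here as an added example that is not part of the original article. It assumes Linux workstations whose kernel logs are collected centrally; the sample log lines, host names, serial numbers, and the `APPROVED` allowlist are all constructed for illustration.

```python
import re

# Constructed Linux kernel log lines; hosts, IDs and serials are made up.
SAMPLE_LOG = """\
Mar  4 09:12:01 ws-014 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar  4 09:12:01 ws-014 kernel: usb 1-2: SerialNumber: APPROVED0001
Mar  4 09:12:01 ws-014 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar  4 10:47:33 ws-022 kernel: usb 3-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Mar  4 10:47:33 ws-022 kernel: usb 3-1: SerialNumber: DROPTEST0007
Mar  4 10:47:33 ws-022 kernel: usb-storage 3-1:1.0: USB Mass Storage device detected
Mar  4 11:02:10 ws-022 kernel: usb 3-2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 64.00
Mar  4 11:02:10 ws-022 kernel: usb 3-2: Product: USB Keyboard
"""

# Assumed allowlist of company-issued drives: (vendor id, product id, serial).
APPROVED = {("0781", "5567", "APPROVED0001")}

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: "
                  r"(?P<drv>usb-storage|usb) (?P<port>[\d.-]+)(?::[\d.]+)?: (?P<msg>.*)$")
NEW_DEV = re.compile(r"New USB device found, idVendor=(\w{4}), idProduct=(\w{4})")

def storage_attach_events(log_text, approved=APPROVED):
    """Return one record per USB mass-storage attach, marked approved or not."""
    pending = {}  # (host, port) -> identity fields collected so far
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, msg = (m["host"], m["port"]), m["msg"]
        new = NEW_DEV.match(msg)
        if new:
            # A new enumeration on this port replaces whatever was there before.
            pending[key] = {"vid": new[1], "pid": new[2], "serial": None}
        elif key in pending and msg.startswith("SerialNumber: "):
            pending[key]["serial"] = msg.split(": ", 1)[1].strip()
        elif m["drv"] == "usb-storage" and "Mass Storage device detected" in msg:
            # Only storage-class attaches are reported; the keyboard is skipped.
            dev = pending.get(key, {"vid": None, "pid": None, "serial": None})
            ident = (dev["vid"], dev["pid"], dev["serial"])
            events.append({"time": m["ts"], "host": m["host"], **dev,
                           "approved": ident in approved})
    return events

if __name__ == "__main__":
    for e in storage_attach_events(SAMPLE_LOG):
        if not e["approved"]:
            print(f"ALERT {e['time']} {e['host']}: unapproved USB storage "
                  f"{e['vid']}:{e['pid']} serial={e['serial']}")
```

A drive that reports no serial number is recorded with `serial` set to `None` and therefore never matches the allowlist.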