When we think about modern cyber threats, USB drives and keys are probably not the first things that come to mind. However, if one attack is successful, other malicious actors will follow along.
And this is why now, on top of AI attacks and elaborate phishing efforts, we are also seeing a renewed interest in attacks using USB drives.
As an example, during Maya Horowitz’s recent keynote presentation at CPX 2024, she shared how USB devices had been recently used by major threat groups to successfully infect sensitive organizations.
According to her keynote, via DarkReading, USBs represented the main infection vector for three different major threat groups in 2023: China’s Camaro Dragon; Russia’s Gamaredon, and the threat actors behind Raspberry Robin.
A USB attack involves the use of USB drives or devices to infiltrate systems, steal data, or deploy malicious software.
Despite advancements in technology, humans remain the weakest link in cybersecurity. Some USB attacks exploit human curiosity or negligence by enticing users to insert infected drives into their systems. Others gain access to a system directly, then plug in a USB drive, and spread it through the network. Add to that the proliferation of USB devices and charging cables, and you can see why attacks of this type can be incredibly successful.
Let’s see an example. You are an employee working for a private company and you receive an Amazon package (with the official tape and everything you would expect from a legitimate parcel). You open it and find a sealed USB device. Thinking it’s brand new (maybe a gift from someone, you wonder), you plug it in. And then the chain reaction begins.
USB attacks can be highly targeted and tailored to steal sensitive data in a way that many people would not suspect. This is, in fact, what happened to Iran’s nuclear program in 2010 (Stuxnet), the Ukraine power grid in 2015 and 2016, and Sony Pictures Entertainment in 2014.
Many attackers preload malware onto USB flash drives and scatter them in public places or send them directly to targeted individuals or organizations. Unsuspecting users insert these infected drives into their computers, unknowingly executing the malware (for example, a malicious DLL) and compromising their systems.
There are different types of USB threats, including various methods such as keystroke injection attacks like Rubber Ducky, malicious firmware reprogramming, and social engineering tactics like USB drop attacks. Let’s see each of these in a little more detail.
This type of human interface device (HID) can interact directly with human users— via mice, game controllers, and other input devices—and exploit the ability of certain USB devices to emulate keyboards. Attackers preload these devices with scripts that execute specific commands upon insertion, allowing them to perform various malicious actions on the target system.
BadUSB attacks involve reprogramming the firmware of USB devices—such as keyboards, mice, or thumb drives—to emulate other devices or execute malware infection commands. Once plugged into a computer through a USB port, the compromised device can perform unauthorized actions, such as keystroke logging or spreading malware.
In a USB drop attack, attackers leave infected USB devices in public spaces, hoping that unsuspecting individuals will pick them up and connect them to their computers. Once inserted, the USB dropper installs malware or initiates a phishing attack to initiate data transfer, provide remote access, or compromise the victim’s system.
We mentioned USB attacks were making a comeback. Here are three popular and recent USB drive threats that should give you some ideas of what to watch for in 2024:
It is definitely possible to mitigate the risk of USB attacks. For example, some preventive measures include:
While advancements in cybersecurity have mitigated some threats, USB attacks remain prevalent and pose significant risks to individuals and businesses alike. However, you can protect yourself from malicious payloads by implementing the appropriate security measures.
Coro is an industry-leading, modular, cybersecurity solution that provides robust enterprise-grade modules to help organizations defend against USB attacks and mitigate the associated risks.
Coro’s security platform includes advanced malware detection and prevention mechanisms specifically designed to identify malicious payloads delivered through various devices, as well as comprehensive endpoint protection solutions that safeguard endpoints from USB-based threats.
Contact us to learn more about our cybersecurity modules and how they easily snap together to create the perfect security strategy tailored to your organization.