Technology keeps innovating, but every innovation brings threats to keep an eye on. The cybersecurity space is growing quickly, and so is the number of novel attacks appearing every day, 2024 included.
You are probably aware of issues such as data loss, theft of sensitive information, destruction of networks, ransomware, and malware infection. Cybercriminals use many strategies to achieve these ends, but one form of attack that has recently become rampant is the USB attack.
USB devices certainly make your life easier; however, you must be aware of their inherent vulnerabilities and how to keep your data safe and secure.
Read on to delve into what a USB attack is, its different types, and in-depth information on some major forms of USB attacks like BadUSB attacks, USB Drop attacks, Tailgating attacks, and the ways to prevent them.
What is a USB attack?
A USB attack is the delivery of harmful or malicious software, such as viruses, primarily through a USB device. Such attacks are planned and executed by cybercriminals in a variety of ways; the one thing they all have in common is that the objective is achieved through a USB device.
Among the various forms of attack, the predominant ones are BadUSB, tailgating, and USB drop attacks. Read on to learn more about these types of attacks.
What are the different types of USB attacks?
While there are many types of USB attacks, they can be broadly classified into four major groups:
Reprogramming the USB device’s internal microcontroller:
Here the device looks like one kind of USB peripheral (a phone charger, for example) but behaves like another (a keyboard that injects keystrokes). Examples include Rubber Ducky, PHUKD/URFUKED, USBdriveby, Evilduino, and others.
Reprogramming the USB device’s firmware to perform malicious actions:
The actions could include downloading malware, exfiltrating data, and so on. Examples are virtual machine breakout, boot sector viruses, password protection bypass patches, etc.
Exploiting shortcomings in the way operating systems interact with USB devices:
Here the USB firmware is not reprogrammed; instead, the way operating systems handle USB protocols is exploited.
Examples include USB backdoors into air-gapped hosts, autorun exploits, data hiding on USB mass storage devices, and others.
Electrical attacks:
Here the intention is purely destructive: once plugged in, the device sends an electrical surge into the host and ruins the machine. An example in this category is USB Killer, which destroys the computer once inserted in the port by discharging a high-voltage surge.
How does a malicious USB attack work?
Malicious USB attacks are highly damaging: they can destroy sensitive data, give unauthorized access to the system, or have other devastating consequences. They may also allow attackers to obtain the user’s passwords or do other irreversible damage to their systems.
Let’s look at how a malicious USB attack takes place. In one approach, the attacker writes the malicious code, or obtains it on the dark web, and loads it onto the USB device. Depending on how it is written, the code can run in several ways.
It may run as soon as the device is connected to the computer, for example, or only when the user opens an infected file stored on the drive.
A second, simpler technique is to configure the USB device’s hardware so that the computer treats it as a keyboard. This is a very reliable method: the attacker can gain access or destroy information (as the case may be) using malware without being stopped by the usual security measures, because input from what looks like a keyboard is not inspected as malware would be.
An example of such a dangerous device is the Rubber Ducky, which looks like a USB drive but behaves as a keyboard. When inserted into the computer, the device starts executing the malicious code by “pressing” predetermined keys.
Major USB Attack Types and the Ways to Prevent Them
In the upcoming sections, let’s take a closer look at some of the major USB attack types, their implications, and ways to deal with them.
What is a BadUSB attack?
A BadUSB attack exploits an inherent weakness in USB itself: it reprograms a USB drive so that it presents itself as a human-interface device. The idea is to mimic the user’s keyboard actions and execute malicious commands.
Discovered and disclosed by security researchers Karsten Nohl and Jakob Lell, the BadUSB code is now publicly available on GitHub. This means anyone, even someone with minimal knowledge, can launch a BadUSB attack.
How does BadUSB work?
Ironically, the BadUSB attack relies on how USB firmware is designed. A USB port connects to all kinds of devices: computers, keyboards, webcams, and modems.
Every USB device has a built-in controller chip that holds its firmware. The firmware tells the host what capabilities the device has. Because this firmware can be rewritten, an attacker reverse engineers the device and inserts malicious code into it, and that code then reaches whatever system the device is plugged into. This, in turn, makes your business susceptible to data theft, ransomware, and more.
Ways to protect your data from BadUSB attack
The best practice is to adopt a data security solution that performs the following functions:
- Prevents files with highly sensitive data, such as Personally Identifiable Information (PII), from being copied to external storage devices.
- Detects malware intrusions and reports them instantly by email notification.
- Supports an automated threat response mechanism that isolates the infected computer from the rest of the network within seconds of the attack.
- Monitors and tracks the use of USB devices across the organization around the clock, and reports any anomalous behavior, such as use during non-office hours.
- Hardware security: The BACKBONE Tablet is a revolutionary solution to this problem. With the BACKBONE Tablet, it is possible for the first time to minimize the risk of BadUSB attacks at the hardware level. How does it work? With the BACKBONE Tablet, the administrator determines which connection ports are activated and which are disabled. If a BadUSB device is plugged into a disabled port, no code can reach the tablet, because the port is cut off at the hardware level. You can find out more about the BACKBONE Tablet here.
And again, as hardware specialists we cannot emphasize this enough: tackle the problem at its root. That means never using a USB stick unless you know with certainty where it came from. Data security is more important than ever, so protect yourself and your company.
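The monitoring points in the list above (track USB use around the clock, allow only approved drives, and report use outside office hours) are easy to turn into detection logic. The following is an added example, not code from the original post or from the BACKBONE product: it parses a few constructed USB connect/disconnect log lines and flags the ones that break policy. The log format, the device ids and serials, the approved-device list and the office hours are all assumptions made for the example.

```python
"""Added example (not from the original post): flag policy violations in USB
device usage logs. Log format, device ids, allowlist and office hours are
constructed assumptions for this example."""
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample log. Assumed format, one event per line:
#   <ISO timestamp> <host> <user> <connect|disconnect> <vid:pid> <serial>
SAMPLE_LOG = """\
2024-03-04T09:12:41 ws-17 alice connect 1234:0001 SN-APPROVED-A
2024-03-04T13:05:02 ws-22 bob connect 1234:0002 SN-APPROVED-B
2024-03-04T22:47:19 ws-17 alice connect 1234:0001 SN-APPROVED-A
2024-03-05T03:15:44 ws-09 carol connect abcd:ffff SN-UNKNOWN-9
2024-03-05T10:30:00 ws-22 bob disconnect 1234:0002 SN-APPROVED-B
this line is malformed and must not crash the monitor
"""

# Assumed allowlist of vetted drives, keyed by (vid:pid, serial). Matching on
# the serial as well as vid:pid matters: vid:pid alone is trivial to clone.
APPROVED = {("1234:0001", "SN-APPROVED-A"), ("1234:0002", "SN-APPROVED-B")}

# Assumed office hours: weekdays, 08:00 to 18:00 local time.
OFFICE_START, OFFICE_END = time(8, 0), time(18, 0)


@dataclass(frozen=True)
class UsbEvent:
    ts: datetime
    host: str
    user: str
    event: str
    vidpid: str
    serial: str


def parse_log(text):
    """Parse log lines into UsbEvent records, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # malformed line: skip it rather than stop monitoring
        ts = datetime.fromisoformat(parts[0])
        events.append(UsbEvent(ts, *parts[1:]))
    return events


def is_office_hours(ts):
    """True on a weekday between OFFICE_START (inclusive) and OFFICE_END."""
    return ts.weekday() < 5 and OFFICE_START <= ts.time() < OFFICE_END


def find_anomalies(events):
    """Return (event, reason) pairs for every connect that violates policy.

    A single connect can produce more than one finding, e.g. an unapproved
    device plugged in at night yields both reasons."""
    findings = []
    for ev in events:
        if ev.event != "connect":
            continue
        if (ev.vidpid, ev.serial) not in APPROVED:
            findings.append((ev, "unapproved device"))
        if not is_office_hours(ev.ts):
            findings.append((ev, "use outside office hours"))
    return findings


def findings_by_user(findings):
    """Count findings per user, the view an analyst would want first."""
    counts = {}
    for ev, _reason in findings:
        counts[ev.user] = counts.get(ev.user, 0) + 1
    return counts


if __name__ == "__main__":
    for ev, reason in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{ev.ts.isoformat()} {ev.host} {ev.user} {ev.vidpid} {ev.serial}: {reason}")
```

In a real deployment the log lines would come from the endpoint agent (on Windows, for instance, device-enumeration events; on Linux, udev or kernel messages) rather than from an embedded string, and the per-user counts would feed the email alerting and automated isolation steps listed above.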
What is a USB drop attack?
USB drop attacks are among the trickiest ways in which people get victimized. In this form of USB attack, a USB drive loaded with malware is deliberately left in a physical location, in the hope that an unsuspecting person will pick it up and plug it into their computer.
The drive may look perfectly safe and useful, and anyone not aware of cyber threats may be tempted to use it. Once it is plugged in, the malicious code activates and may destroy or steal sensitive information, expose the user’s credentials, or even compromise the network; the resulting damage can be severe.
What are the types of USB drop attacks?
USB drop attacks are planned strategically and carried out in various modes of operation.
Social engineering
In this form of attack, the attacker poses as an employee or contractor and gains access to key locations of the targeted business. They then plant the malicious USB device in computers in conference rooms or at other workstations. This can cause serious damage to the business as a whole.
Public placement
This mode of operation relies on the belief that if something is left in a public place, someone will be lured into picking it up. It is the most basic form of USB drop attack.
The attacker spends no time on planning or disguise; they simply scatter USB drives in public places and count on people’s desire to pick up something lying around for free.
What are the objectives or goals of USB drop attacks?
USB drop attacks are serious, and the motives behind them are just as serious, if not more so. Some common goals of these attacks are:
Keylogging
Here the purpose of the USB drive is to record every keystroke on the infected computer. The captured data is either stored on the USB drive and retrieved later or transmitted to a remote server. Either way, the primary intention is to steal sensitive data from the user’s computer.
Malware infection
Here the objective is to damage crucial information on the user’s computer. The information could be confidential data, legal documents, or similar, and the damage is usually done with something like ransomware.
Hardware damage
In yet another case the intention is to destroy the hardware rather than merely steal information. Devices like USBKill are designed to send out an electrical surge once plugged in. This damages the internal components of the system and renders the machine unusable.
On most occasions this kind of attack is planned and carried out by malicious insiders, such as disgruntled staff of the business or company.
Human Interface Device (HID) Spoofing
This involves programming a USB drive to act as a keyboard or other input device and inject keystrokes as if the user had typed them. The intention is to emulate the user’s keyboard input, reach a command prompt, and then disrupt the computer’s defenses or gain remote access.
Ways to prevent USB drop attack
There are two simple yet effective ways to prevent USB drop attacks.
- Implement a strict USB security policy: only authorized and thoroughly checked USB drives may be used.
- Endpoint protection: these solutions detect and block malicious activity at the point of entry, i.e. when the USB device is plugged in.
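The strict USB policy in the list above and the HID spoofing described under the attack goals come together at the moment a device is plugged in: the host learns from the device’s interface descriptors what it claims to be (storage, keyboard, both), and can apply policy before the operating system binds a driver. The block below is an added example, not code from the original post or from any product it mentions: it models that decision over constructed device records. The interface class codes are the standard USB-IF values; the vendor/product ids, serials and the two allowlists are assumptions.

```python
"""Added example (not from the original post): decide whether a newly
enumerated USB device may be used, from the interface classes it declares.
Device records, vid:pid values, serials and allowlists are constructed."""
from dataclasses import dataclass

# USB-IF interface class codes relevant to this policy.
CLASS_HID = 0x03           # human-interface devices: keyboards, mice
CLASS_MASS_STORAGE = 0x08  # flash drives and other storage


@dataclass(frozen=True)
class Interface:
    cls: int
    subclass: int
    protocol: int


@dataclass(frozen=True)
class Device:
    vidpid: str
    serial: str
    interfaces: tuple


# Assumed allowlists (constructed): input devices the organisation issued,
# and drives that have been checked and approved, each keyed by (vid:pid, serial).
KNOWN_INPUT_DEVICES = {("0001:0001", "KB-ISSUED-001")}
APPROVED_DRIVES = {("1234:0001", "SN-APPROVED-A")}


def evaluate(dev):
    """Return (decision, reason); decision is 'allow', 'block' or 'reject'.

    'reject' is final; 'block' leaves the device unusable until an
    administrator approves it."""
    classes = {i.cls for i in dev.interfaces}
    ident = (dev.vidpid, dev.serial)
    # 1. A drive that also declares a HID interface matches the BadUSB /
    #    Rubber Ducky pattern: storage to look harmless, keyboard to inject.
    if CLASS_MASS_STORAGE in classes and CLASS_HID in classes:
        return "reject", "storage device also declares a HID interface"
    # 2. A keyboard or mouse that was not issued cannot be trusted: anything
    #    it types runs with the logged-in user's privileges.
    if CLASS_HID in classes and ident not in KNOWN_INPUT_DEVICES:
        return "block", "unrecognised HID device; needs manual approval"
    # 3. The strict USB policy: only checked drives may be used.
    if CLASS_MASS_STORAGE in classes and ident not in APPROVED_DRIVES:
        return "block", "drive is not on the approved list"
    return "allow", "device matches policy"


def evaluate_all(devices):
    """Map each device's serial to its decision, for audit logging."""
    return {d.serial: evaluate(d)[0] for d in devices}


# Constructed devices covering the cases above. Subclass/protocol values are the
# usual ones (boot keyboard 01/01, SCSI bulk-only storage 06/50).
ISSUED_KEYBOARD = Device("0001:0001", "KB-ISSUED-001", (Interface(0x03, 0x01, 0x01),))
APPROVED_DRIVE = Device("1234:0001", "SN-APPROVED-A", (Interface(0x08, 0x06, 0x50),))
UNKNOWN_DRIVE = Device("1234:0009", "SN-FOUND-IN-CARPARK", (Interface(0x08, 0x06, 0x50),))
UNKNOWN_KEYBOARD = Device("9999:0001", "SN-RANDOM", (Interface(0x03, 0x01, 0x01),))
STORAGE_PLUS_KEYBOARD = Device(
    "1234:0001", "SN-APPROVED-A",
    (Interface(0x08, 0x06, 0x50), Interface(0x03, 0x01, 0x01)),
)

if __name__ == "__main__":
    for dev in (ISSUED_KEYBOARD, APPROVED_DRIVE, UNKNOWN_DRIVE,
                UNKNOWN_KEYBOARD, STORAGE_PLUS_KEYBOARD):
        decision, reason = evaluate(dev)
        print(f"{dev.vidpid} {dev.serial}: {decision} ({reason})")
```

Note that rule 1 fires even for an approved serial: a vetted drive that suddenly presents a keyboard interface is exactly the reprogrammed-firmware case, so its earlier approval should not carry over. On Linux, USBGuard enforces rules of this kind (matching on device id, serial and interface classes) at enumeration time; the example above is only a model of the decision, not a driver-level implementation.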
What is a Tailgating attack?
A tailgating attack is one in which an unauthorized person gains access to a restricted physical location (such as an access-controlled area) to steal information, damage property, or even deploy malware.
Who is at risk of a tailgating attack?
IT companies and other businesses are constantly at risk of tailgating, and the risk factors include:
- Employees constantly moving in and out of the premises
- Multiple entrances to the office building
- Employees who are not aware of cyber threats or not well trained
- Subcontractors working for the company
How to protect yourself from tailgating attacks?
Use of smart badges and cards
Smart badges and cards issued to employees restrict unauthorized access by outsiders. In particular, you can grant these cards only to specific employees, who can then access certain private areas on the premises.
Deploy biometric scanners
Biometric scanners are robust devices that scan physical or behavioral features of the person seeking entry and check their authorization against approved database records. Various biometric systems are available, including facial recognition, fingerprint scanning, iris recognition, and voice recognition.
Video surveillance / CCTV
A simple and relatively cost-effective measure is to install video surveillance cameras (CCTV) at important locations on your company premises. With AI-powered CCTV cameras, video analytics can also be used: such systems compare the faces of the people seen with the pictures in the database to confirm their identity.
Examples of USB attacks and cases
Numerous companies, large and small, worldwide have fallen prey to cyber-attacks and data breaches. Here are some recent cases of USB attacks that severely impacted businesses, including top-tier banks.
According to a 2021 survey of IT security specialists, around three in ten companies saw 11 to 50 malicious USB drop attacks.
Recently, the US unit of Industrial and Commercial Bank of China Ltd fell victim to a cyberattack delivered through a USB stick. As a result, the bank could not clear several US Treasury trades, because the parties settling the transactions immediately disconnected from the infected systems.
Another case involves two cyber-threat campaigns attacking public and private companies across the globe: SOGU and SNOWYDRIVE.
According to the Google-owned threat intelligence firm Mandiant, “SOGU is the most prevalent USB-based cyber espionage attack using USB flash drives and one of the most aggressive cyber espionage campaigns targeting both public and private sector organizations globally across industry verticals.”
The SNOWYDRIVE malware targets oil and gas organizations in Asia.
“Once SNOWYDRIVE is loaded, it creates a backdoor on the host system, giving attackers the ability to remotely issue system commands. It also spreads to other USB flash drives and propagates throughout the network,” Mandiant researchers Rommel Joven and Ng Choon Kiat said.
Wrapping Up
USB attacks are increasingly a major cause for concern. Companies, regardless of their industry, are falling victim to this little-known yet severe form of cyber-attack. While there are hundreds of ways USB attacks are executed, some of the common forms are BadUSB, tailgating, USB drop, and more.
As a business, you must adopt appropriate measures to combat these threats and stay competitive.