The cybersecurity industry and those who depend on it for their protection are often preoccupied with the latest, most complex cyber threats. While these advanced tactics certainly deserve attention, this focus sometimes creates a blind spot for more “basic” methods like USB drop attacks.
Indeed, a recent study highlighted a disturbing resurgence in USB-delivered malware: it reported a threefold increase in these attacks in the first half of 2023 alone. So, let's dig into why USB drop attacks are resurging, the different flavors they come in, and, most importantly, what you can do to protect yourself and your organization. But first, we need to understand what exactly we're up against.
What Are USB Drop Attacks?
USB drop attack definition: A USB drop attack is a type of cyber-attack where a USB drive, typically pre-loaded with malware, is physically left in a location with the intent that an unsuspecting individual will pick it up and plug it into a computer.
In other words, a USB drop attack is the digital equivalent of the well-known Trojan Horse story, in which a seemingly innocuous object harbors a hidden danger. Just like the wooden horse that the Greeks used to infiltrate Troy, the USB drive appears harmless, even useful. But once it's plugged in and its contents are opened (or, for a device that poses as a keyboard, as soon as the computer recognizes it), the malicious payload springs into action, compromising your system and potentially even your entire network.
Types of USB Drop Attacks
USB drop attacks can be subdivided into various categories, each with its own unique method of operation and end goal. Here are several of them to help you understand just how diverse and dangerous these attacks can be.
Methods of operation and end goals
- Social engineering: In this method, the attacker might pose as an employee or contractor, perhaps even wearing a uniform or flashing a fake ID, to infiltrate a targeted business. Once inside, they discreetly plant USB drives in strategic locations, like conference rooms or near workstations.
- Public placement: Some attackers don’t bother with elaborate schemes or disguises. Instead, they scatter USB drives in public places where the foot traffic is high. They rely on the power of human curiosity and the age-old allure of “free stuff” to get people to pick up and plug in the device.
- Malware infection: This is by far the most common goal of USB drop attacks, and it can be achieved in several different ways. Because modern operating systems no longer run programs automatically from removable drives (Windows has disabled AutoRun for them since Windows 7), the drive usually contains a lure the victim has to open: a seemingly legitimate document booby-trapped with malicious code, or a shortcut file disguised as a document or folder that silently launches the payload, such as ransomware.
- Keylogging: In this case, the payload's main function is to record every keystroke made on the infected computer. The logger is either installed by the malware the drive delivers or built into a purpose-made hardware device; the captured data is then stored for later retrieval or, in more advanced setups, transmitted to a remote server. This can expose sensitive data like passwords or financial information.
- Human Interface Device (HID) spoofing: A device that looks like an ordinary flash drive can be built or reprogrammed to present itself as a keyboard or another input device (purpose-built tools such as the USB Rubber Ducky do this, and the "BadUSB" research showed that the controller firmware of some ordinary drives can be rewritten to do the same). When plugged in, the device types a pre-programmed sequence of keystrokes, for example opening a terminal window and entering commands that disable the machine's defenses or enable remote access. Because the computer sees a keyboard rather than a storage device, controls that only block removable storage do not stop it.
- Hardware destruction: Sometimes, destruction is the end goal rather than information theft or system compromise. Devices like USBKill are designed to physically damage a computer once plugged in. They charge internal capacitors from the port's power supply and discharge a high-voltage surge back into the USB port, frying internal components and rendering the machine unusable. Since this attack needs hands-on access to the target machine, it is associated with malicious insiders, especially disgruntled employees.
Why Are USB Drop Attacks Still Relevant?
USB drop attacks may seem like such a basic attack method that it can be difficult to understand why they continue to be relevant in an age when cybersecurity is a top priority for more organizations than ever before.
The main reason why USB drop attacks continue to pose a real threat is that they exploit human curiosity and behavior, a variable that even the most advanced cybersecurity systems struggle to control.
What’s more, recent USB drop attack campaigns, namely Sogu and Snowydrive, have showcased their evolution into highly specialized and targeted operations.
The Sogu campaign, for instance, didn't just carpet-bomb random locations with USB drives; it targeted key industries like pharmaceuticals, IT, and energy across multiple countries. The malware is designed to persist, adapt, and execute a multitude of malicious activities ranging from stealing data to setting up reverse shells and keylogging. Snowydrive, on the other hand, uses a malicious DLL side-loaded by a legitimate Notepad++ updater, so the process that runs the malicious code is a signed, trusted-looking executable, which helps it evade detection.
In summary, USB drop attacks persist because they leverage human vulnerabilities, can be highly targeted, and have adapted to circumvent contemporary cybersecurity solutions.
How to Prevent USB Drop Attacks?
We’ve talked about the various shades of danger USB drop attacks can come in and why they’re still a force to be reckoned with. But what can you do to safeguard yourself and your organization? Quite a lot, actually. Here’s a quick rundown of some of the most effective protective measures you can implement:
- Implementing a strict policy on the use of USB devices can go a long way. We recommend you block removable storage by default and allow only authorized USB drives that have been pre-checked for security. Enforce the policy technically rather than on paper: Windows Group Policy (Removable Storage Access and Device Installation Restrictions) and Linux tools such as USBGuard can allow-list devices by vendor, product, and serial number and block everything else.
- Security awareness training so that staff treat a found or unsolicited USB drive as something to hand to IT, not something to plug in. This is the human element the technical controls rely on.
- An endpoint protection solution can detect and neutralize threats at the point of entry, i.e., the very moment a USB device is plugged in. Make sure the device control it provides also covers input devices (the HID class), not just storage, since a spoofed keyboard never presents a file for the antivirus to scan.
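As an added illustration of the allow-list and HID points above (example code written for this article, not a tool from the original page or any vendor's product), the script below parses the Linux kernel log lines recorded when USB devices attach, correlates the storage and keyboard interfaces each device exposes, and applies a block-by-default policy. It shows why serial-level matching matters: the second drive in the sample clones the first drive's vendor and product IDs but carries a different serial and also enumerates as a keyboard. The log lines, serial numbers, and allow-list entries are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample log (not from a real incident): port 1-1 is a genuine,
# authorized flash drive; port 1-2 reports the same vendor/product IDs but a
# different serial and additionally enumerates a keyboard interface.
SAMPLE_LOG = """\
[ 1234.567] usb 1-1: new high-speed USB device number 5 using xhci_hcd
[ 1234.700] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[ 1234.700] usb 1-1: Product: Cruzer Blade
[ 1234.700] usb 1-1: SerialNumber: 4C530001234567891234
[ 1234.701] usb-storage 1-1:1.0: USB Mass Storage device detected
[ 1240.100] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[ 1240.100] usb 1-2: Product: Cruzer Blade
[ 1240.100] usb 1-2: SerialNumber: 4C530009999999999999
[ 1240.120] usb-storage 1-2:1.0: USB Mass Storage device detected
[ 1240.150] input: SanDisk Cruzer Blade as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1/0003:0781:5567.0004/input/input12
[ 1240.151] hid-generic 0003:0781:5567.0004: input,hidraw0: USB HID v1.11 Keyboard [SanDisk Cruzer Blade] on usb-0000:00:14.0-2/input1
"""

# Hypothetical allow-lists. Storage is matched on vendor, product AND serial,
# because vendor/product IDs alone are trivially cloned by a reprogrammed
# controller. Keyboards are matched on the vendor/product of issued models.
ALLOWED_STORAGE = {("0781", "5567", "4C530001234567891234")}
ALLOWED_KEYBOARDS = {("046d", "c31c")}  # assumed corporate keyboard model

# Kernel log formats: device summary, serial, usb-storage probe, input device
# registration (carries the port and the HID instance id), hid-generic bind.
NEW_DEV = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, "
                     r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL = re.compile(r"usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")
HID_ID = r"[0-9A-F]{4}:[0-9A-F]{4}:[0-9A-F]{4}\.[0-9A-F]{4}"
INPUT = re.compile(r"input: .* as /devices/.*/usb\d+/(?P<port>[\d.-]+)/[\d.-]+:\d+\.\d+/"
                   r"(?P<hid>" + HID_ID + r")/input/")
HID_KBD = re.compile(r"hid-generic (?P<hid>" + HID_ID + r"): .*USB HID v[\d.]+ Keyboard ")


@dataclass
class UsbDevice:
    port: str
    vid: str = ""
    pid: str = ""
    serial: str = ""
    interfaces: set = field(default_factory=set)


def parse_usb_events(log: str) -> dict:
    """Return {port: UsbDevice} with the interfaces each attached device exposed."""
    devices = {}
    hid_to_port = {}  # HID instance id -> USB port, learned from the input: line
    for line in log.splitlines():
        if m := NEW_DEV.search(line):
            devices[m["port"]] = UsbDevice(m["port"], m["vid"].lower(), m["pid"].lower())
        elif (m := SERIAL.search(line)) and m["port"] in devices:
            devices[m["port"]].serial = m["serial"]
        elif (m := STORAGE.search(line)) and m["port"] in devices:
            devices[m["port"]].interfaces.add("storage")
        elif m := INPUT.search(line):
            hid_to_port[m["hid"]] = m["port"]
        elif m := HID_KBD.search(line):
            port = hid_to_port.get(m["hid"])
            if port in devices:
                devices[port].interfaces.add("keyboard")
    return devices


def verdict(dev: UsbDevice) -> str:
    """Block-by-default policy: storage needs an exact serial match, and a
    keyboard interface on anything but an issued keyboard model is treated
    as HID spoofing regardless of what else the device claims to be."""
    if "keyboard" in dev.interfaces and (dev.vid, dev.pid) not in ALLOWED_KEYBOARDS:
        return "alert: keyboard interface on unexpected device (possible HID spoofing)"
    if "storage" in dev.interfaces:
        if (dev.vid, dev.pid, dev.serial) in ALLOWED_STORAGE:
            return "allow: authorized removable storage"
        return "block: removable storage not on allow-list"
    return "allow: no storage or unexpected keyboard interface"


def audit(log: str) -> dict:
    """Return {port: verdict} for every device attach seen in the log."""
    return {port: verdict(dev) for port, dev in parse_usb_events(log).items()}


if __name__ == "__main__":
    for port, result in audit(SAMPLE_LOG).items():
        print(f"usb {port}: {result}")
```

On a real host the same lines come from `dmesg` or `journalctl -k`, and this is detection after the fact; USBGuard on Linux and Device Installation Restrictions via Group Policy on Windows apply equivalent allow-list rules before the device becomes usable, which is the stronger control. Note the design choice that the keyboard check runs first: a device that both stores files and types commands should never be treated as "just a drive".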
With these protective measures in place, you’re building a multi-layered defense that not only relies on technology but also the human element to prevent USB drop attacks.
Conclusion on USB Drop Attacks
It can be easy to overlook simpler but still highly dangerous threats like USB drop attacks. As much as they exploit technological weaknesses, their real potency lies in manipulating human behavior: our curiosity, complacency, or lack of awareness. But with the right mix of policy, training, and technology, these attacks are preventable.
If you’re worried about USB drop attacks and want to make sure that your organization is sufficiently protected, then we at OSIbeyond can help.
Contact OSIbeyond today for a cybersecurity assessment, and let us help you in fortifying your defenses.