Don't Plug It In! How to Prevent a USB Attack – PCMag UK

In the age of <a href="/antivirus/118573/how-to-avoid-phishing-scams" rel="noopener" target="_blank">email-based cyberattacks</a>, it's easy to forget that hackers can also worm their way into systems big and small with physical components, particularly USB devices.<br>According to a report by Honeywell Forge, <a href="https://www.honeywell.com/content/dam/honeywellbt/en/images/content-images/cybersecurity-threat-report-2021/Industrial%20Cybersecurity%20USB%20Threat%20Report%20v5.pdf" rel="noopener" target="_blank">79% of USB cyberattacks</a> are capable of disrupting operational technology, like the day-to-day functions of an industrial plant. Fifty-one percent of them can give an attacker remote access. But it isn’t just big industry that should guard against these threats; individuals should be wary of them, too. Here we’ll explain what a USB attack is, and how you can avoid falling victim to one. <br>A USB attack pretty much does what it says on the tin: it uses a USB-connected device, like a thumb drive or hard drive, to get malicious software into a computer or other USB-connected device, such as a smartphone. Bad USB devices can also be used to damage or destroy a computer by delivering an electrical charge.<br>One of the most concerning aspects of USB attacks is their ability to give hackers remote control of a system. The Stuxnet attack discovered in 2010, for example, <a href="https://www.smithsonianmag.com/history/richard-clarke-on-who-was-behind-the-stuxnet-attack-160630516/" rel="noopener" target="_blank">famously infected</a> Iranian nuclear development sites. 
The same kinds of breaches could be used to infiltrate facilities connected to the power grid, oil production, and other Internet of Things networks.<br>There are <a href="https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/" rel="noopener" target="_blank">dozens</a> of ways a cyberattacker could use a USB drive to install an exploit on your computer. The two most common are via thumb drive devices and public USB charging ports, a practice known as <a href="https://www.latimes.com/travel/story/2019-11-29/juice-jacking-usb-charging-port" rel="noopener" target="_blank">juice jacking</a>.<br>USB device attacks fall into three major categories, depending on what they do once they’re connected to your device. Devices with reprogrammed internal microcontrollers will look like regular thumb drives, but once plugged in, they'll execute another function, e.g. acting like a keyboard and typing certain keystrokes. Examples include the <a href="https://cyware.com/news/newly-discovered-rubber-ducky-attacks-use-free-gift-cards-to-trick-users-into-using-malicious-usb-sticks-fe36b267" rel="noopener" target="_blank">Rubber Ducky</a> attack. <br>USB devices with reprogrammed internal firmware are changed so that their firmware automatically executes a certain function once they’re connected, like installing <a href="/antivirus/89795/the-best-malware-removal-and-protection-software-for-2020" rel="noopener" target="_blank">malware</a> or stealing data. One example of this is the <a href="https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-brocker.pdf" rel="noopener" target="_blank">iSeeYou attack</a>, which reprogrammed a particular class of Apple webcams so the attacker could record video without a person’s knowledge.<br>USB attacks can also exploit existing flaws in the way computers and USB devices interact. 
A common example of this attack is the Device Firmware Upgrade (DFU) attack, which uses a USB device to reprogram legitimate firmware into something more malicious. <br>There are even attacks like <a href="https://www.bleepingcomputer.com/news/security/shocking-usb-killer-uses-electrical-charge-to-fry-vulnerable-devices/" rel="noopener" target="_blank">USB killer</a>, in which a connected USB device stores power from a computer’s USB power lines until it reaches a certain level, then aggressively discharges it and fries the connected computer.<br>While these attacks sound scary, there are ways to prevent them. <br>A good deal of USB threats come down to social engineering, or psychological tricks and tactics to get people to connect a bad device. This is present in just about every type of cyberattack and scam, and it’s important not to fall for it.<br>If you see a USB drive you don’t recognize dropped somewhere—such as a parking lot—<strong>do not connect it to your computer</strong>. Bad actors rely on human curiosity to help them get your device infected. They’ll drop it in a public location, like at a <a href="/encryption/85836/another-hospital-falls-victim-to-ransomware" rel="noopener" target="_blank">hospital</a>, and wait for someone to plug it in. This is called a drop attack. <br>Another common tactic is sending USB drives to people in the mail and making them look like promo offers from <a href="/security-5/125415/psa-if-you-get-a-best-buy-gift-card-on-a-usb-drive-in-the-mail-dont-plug-it-into-your-pc" rel="noopener" target="_blank">big box tech stores like Best Buy</a>. 
Bottom line: be wary of any USB drives you find or receive unsolicited for free, whether it's from a company <a href="/security/134040/scammers-are-using-fake-devices-to-steal-cryptocurrency-wallets" rel="noopener" target="_blank">you know</a> or don't recognize.<br>If you use a USB drive for work, keep it separate from anything personal to avoid transferring malicious software from your home computer to your professional network. You can also regularly scan your USB devices with an <a href="/antivirus/8141/the-best-antivirus-protection" rel="noopener" target="_blank">antivirus</a> and/or <a href="/antivirus/89795/the-best-malware-removal-and-protection-software-for-2020" rel="noopener" target="_blank">anti-malware</a> program, while <a href="/encryption/83976/the-best-encryption-software-for-2020" rel="noopener" target="_blank">encryption software</a> may keep attackers from accessing your data in the event of a breach. If you think you might’ve plugged a compromised device into your computer, disconnect from the internet right away and restart your computer. <br>Disabling autorun features on your devices will help keep malicious code from automatically executing when you plug in a drive. On Windows, open Control Panel and find the <strong>AutoPlay</strong> setting. Uncheck <strong>Use AutoPlay for all media and devices</strong> to prevent unknown devices from launching without alerting you or asking for permission. <br>If you absolutely need to find out what’s on an unfamiliar flash drive, you could try using a computer that’s “air gapped,” meaning it's not connected to the internet or other networks.<br>Air-gapped computers don’t mean airtight security. The Iranian nuclear development facility that was compromised in the Stuxnet attack <a href="https://urgentcomm.com/2021/12/06/usb-devices-the-common-denominator-in-all-attacks-on-air-gapped-systems/" rel="noopener" target="_blank">used an air-gapped network</a>, and was compromised with a bad USB. 
Once the drive was connected, the malicious software was unleashed. So if you test a suspicious drive on an air-gapped computer, that’s the only thing you should use that computer for, and the suspect USB drive should not be connected to any other computers in your network.<br>If you’re more tech savvy, try downloading <a href="/system-performance/59584/the-best-virtualization-software-for-2020" rel="noopener" target="_blank">virtualization software</a>, such as Oracle's free <a href="https://www.virtualbox.org/" rel="noopener" target="_blank">VirtualBox</a>. It lets you create a virtual environment on your computer that runs a simulated instance of your computer inside your computer. You can plug in the drive and open it in the virtual environment without it affecting your files or network. <a href="/gallery/121660/how-to-safely-run-software-with-windows-10-sandbox" rel="noopener" target="_blank">Windows Sandbox</a> is also a built-in option for Windows users.<br>Keep your systems updated, especially if you’re running Windows. Many attackers take advantage of the fact that people often delay updating their systems, even if they include patches for serious bugs.<br>No cybersecurity method is foolproof, and that includes steps taken to prevent USB attacks. The methods described here are, however, a whole lot better than plugging in a weird USB drive you found and hoping for the best. <br>Remember never to trust unfamiliar drives, scan the ones you do use regularly, and take advantage of security options like passwords, PIN keys, and data encryption. 
Hopefully, awareness of the tactics that cyberattackers use coupled with solid hardware and software security will help you stay free of any nasty digital infections.<br><br><a href="https://uk.pcmag.com/security/138149/dont-plug-it-in-how-to-prevent-a-usb-attack">source</a>
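
The AutoPlay setting described in the Windows step above can also be audited and set from PowerShell, which helps when checking more than one machine. This is an added example, not code from the article; the function names Get-AutoPlayState and Disable-AutoPlay are hypothetical, and the machine-wide policy value goes beyond the single checkbox the article mentions.

```powershell
# Added example: audit and turn off AutoPlay/AutoRun on Windows.
# Function names are hypothetical; the registry values are the ones Windows reads.

# Per-user setting behind the Control Panel AutoPlay checkbox
$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
# Machine-wide policy covering AutoRun for all drive types
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoPlayState {
    # A missing value means Windows is using its default (AutoPlay enabled)
    $user   = Get-ItemProperty -Path $userKey   -Name DisableAutoplay    -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue

    [pscustomobject]@{
        # DisableAutoplay = 1 matches an unchecked "Use AutoPlay for all media and devices"
        UserAutoPlayDisabled  = ($null -ne $user   -and $user.DisableAutoplay -eq 1)
        # NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type
        PolicyAutoRunDisabled = ($null -ne $policy -and $policy.NoDriveTypeAutoRun -eq 0xFF)
    }
}

function Disable-AutoPlay {
    param(
        # Also write the machine-wide policy (requires an elevated session)
        [switch]$MachinePolicy
    )

    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    Set-ItemProperty -Path $userKey -Name DisableAutoplay -Value 1 -Type DWord

    if ($MachinePolicy) {
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }

    # Return the resulting state so the change can be confirmed
    Get-AutoPlayState
}

# Report the current state without changing anything
Get-AutoPlayState
```

Run `Disable-AutoPlay` to apply the per-user setting, or `Disable-AutoPlay -MachinePolicy` from an elevated prompt to enforce it for all users. Turning AutoPlay off only affects how Windows handles removable media; it does nothing against devices that present themselves as a keyboard, such as the Rubber Ducky described above.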