How to Reduce the Risk of USB Drive Social Engineering Attacks
Security Awareness Campaigns – 4 min read

Why You Should Worry About Thumb Drives

When you think about cybercrime, you probably think of malicious emails or deceptive phone calls. However, cybercriminals have become more creative. Attacks via USB drives are becoming more and more common. People are advised to take caution when accepting a loose, unpackaged USB drive from another person, or when finding a random USB drive either in the office or on the streets.

 

Loading a thumb drive with malware and then leaving it in a place where it is likely to be found is the start of a perfect cybercrime. The criminal creates the malware and lets the unsuspecting target load the malware onto their computer.

 

48% of People Plug in USB Drives Found in a Parking Lot

 

Users unknowingly expose their organizations to attacks when they connect thumb drives. In trying to determine just how tempting a "found" thumb drive can be, researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan disseminated 297 USB drives around the Urbana-Champaign campus. The results were alarming. Overall, 48% of the drives were picked up and plugged into a computer, some within minutes of being dropped. Further, the researchers found that only 16% of users bothered to scan the drives with anti-virus software, while 68% took no precautions at all before plugging in the drives. This research confirmed that attackers could easily spread malware by dropping infected USB thumb drives in public places.

In general, USB-connected devices are a massive point of vulnerability. Bad guys can count on a user's natural inclination to get something for free. Users need to learn about the dangers of being complacent.

 

A free USB drive. What could possibly go wrong?

 

The Problem with Free Thumb Drives

 

When accepting a USB key from someone you do not know, whether it is from a "vendor" as a value add-on for a purchase, or sent to your office or home anonymously, or from someone asking for a copy of your presentation at a conference, beware. There's a good chance that plugging in the USB could install malicious software and cause enormous hardship for everyone on your network.

Ask yourself why someone would be giving you this USB drive. Does it come securely packaged? Is the person you received the drive from who they say they are? If it is truly from a reputable vendor, the USB drive will come in its original packaging. All loose USB keys sent to you in an envelope or provided by a stranger should be handled with great care.

 

How do USB drive attacks work?

 

What could possibly go wrong? Here are a number of things:

 

Keyloggers

The thumb drive could install surveillance software, like keyloggers. This involves installing a program on your computer that waits a certain time to wake up before allowing bad actors to surveil your entire system.  

 

Financial Motives

Some USB attacks install ransomware for financial gain and will ask you for money in return for access to your files. 

 

Cryptocurrency Mining

Beachhead software is often used by crypto-miners. This software is not typically malicious but parasitical in that it exploits and utilizes your computer. In this scenario, a beachhead gets installed that allows a bad actor to access your system at an admin or privileged level. This allows them to run numbers on your computer for their own cryptocurrency mining purposes.

Cryptocurrency is based on serial numbers that are exceedingly rare. Crypto-miners get Bitcoin once they determine these serial numbers. However, it takes a long time to run combinations of numbers to produce a serial number. The type of math needed to mine Bitcoin makes computer video cards run very hot. The expense for air conditioning is significant, which has led to cryptocurrency miners buying old submarines and mines to cool their systems.

Most crypto-miners aren't able to build such large facilities, so they build crypto-mining apps that allow them to spread out the effort. These apps install software on other people's computers to crunch cryptocurrency numbers. They chug away in the background on your computer, communicating continuously on the Internet. These apps make your computer a bit slower but otherwise are indiscernible.

 

 

If you think that you may have fallen victim to a USB attack, immediately log off your network, disconnect the wireless connectivity, and unplug your computer. Get in touch with your IT department or seek guidance from an IT software services firm right away.

To prevent this form of attack, it's always important to be suspicious of all USB drives that could have been handled by someone you do not know. The first step in prevention starts with awareness. Keep your staff up to date on how common these attacks are, and how quickly and easily they can be tricked by cybercriminals.

A well-rounded cybersecurity plan can also help minimize the effects of these attacks. The following are best practices to prevent thumb drive attacks:


  1. Install and maintain endpoint security software on your computer.

  2. Make sure you have a software firewall. 

  3. Never connect a USB thumb drive to your computer unless you bought it at a reputable store.

  4. Never plug an unknown USB drive into your computer. When a USB drive is found unattended, pick it up and advise your IT department. There are ways to get it to its rightful owner that don't involve viewing the files on a networked machine. They could, for example, examine it on an air-gapped computer.

  5. Disable AutoRun on your machine. AutoRun is a feature that allows Windows to automatically run the startup program when a CD, DVD or USB device is inserted into a drive. AutoRun also automatically shows the contents of the USB device such as an iPod or thumb drive when it is inserted into a computer. Contact an IT services firm or your computer reseller if you need help disabling AutoRun.
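
One way to carry out step 5 on a Windows machine, as an added example that is not part of the original article: the script reports the current machine-wide AutoRun policy per drive type, then sets it so AutoRun is off for every type. It assumes an elevated PowerShell session and uses the `NoDriveTypeAutoRun` registry policy value; the function names are illustrative.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell session.
# Audits, then hardens, the machine-wide AutoRun policy value.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'
$AllDrives = 0xFF   # every drive-type bit set = AutoRun off for all drive types

# Bit meanings of NoDriveTypeAutoRun (a set bit disables AutoRun for that type).
$DriveTypeBits = [ordered]@{
    'Removable (USB thumb drives)' = 0x04
    'Fixed disk'                   = 0x08
    'Network drive'                = 0x10
    'CD/DVD'                       = 0x20
    'RAM disk'                     = 0x40
}

function Get-AutoRunPolicy {
    # Returns the current DWORD, or $null when the policy is not configured.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Show-AutoRunPolicy {
    param($Value)
    if ($null -eq $Value) {
        Write-Output "$ValueName is not set: Windows defaults apply."
        return
    }
    Write-Output ('{0} = 0x{1:X2}' -f $ValueName, $Value)
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        $state = if ($Value -band $entry.Value) { 'disabled' } else { 'ENABLED' }
        Write-Output ('  {0,-30} AutoRun {1}' -f $entry.Key, $state)
    }
}

Show-AutoRunPolicy (Get-AutoRunPolicy)   # state before the change

if ((Get-AutoRunPolicy) -ne $AllDrives) {
    # Create the policy key if it is missing, then write the hardened value.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $AllDrives -Type DWord
}

Show-AutoRunPolicy (Get-AutoRunPolicy)   # state after: every type should read "disabled"
```

On domain-joined machines, set the same policy centrally through Group Policy ("Turn off AutoPlay") so a local change is not overwritten at the next policy refresh.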

 

In a corporate context, a comprehensive cybersecurity policy will help communicate the need to be wary of USB drives.

 

Everyone could benefit from some security awareness. Get in touch with CITI and we'll train your staff on how to prevent USB drive attacks and other types of cybercrime.

 

 
