When you think about cybercrime, you probably think of malicious emails or deceptive phone calls. However, cybercriminals have become more creative. Attacks via USB drives are becoming more and more common. People are advised to take caution when accepting a loose, unpackaged USB drive from another person, or when finding a random USB drive either in the office or on the streets.
Loading a thumb drive with malware and then leaving it in a place where it is likely to be found is the start of a perfect cybercrime. The criminal creates the malware and lets the unsuspecting target load it onto their own computer.
Users unknowingly expose their organizations to attacks when they connect thumb drives. In trying to determine just how tempting a "found" thumb drive can be, researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan disseminated 297 USB drives around the Urbana-Champaign campus. The results were alarming. Overall, 48% of the drives were picked up and plugged into a computer, some within minutes of being dropped. Further, the researchers found that only 16% of users bothered to scan the drives with anti-virus software, while 68% took no precautions at all before plugging in the drives. This research confirmed that an attacker could easily spread malware by dropping infected USB thumb drives in public places.
In general, USB-connected devices are a massive point of vulnerability. Bad guys can count on a user's natural inclination to get something for free. Users need to learn about the dangers of being complacent.
A free USB drive. What could possibly go wrong?
When accepting a USB key from someone you do not know, whether it is from a "vendor" as a value add-on for a purchase, or sent to your office or home anonymously, or from someone asking for a copy of your presentation at a conference, beware. There's a good chance that plugging in the USB could install malicious software and cause enormous hardship for everyone on your network.
Ask yourself why someone would be giving you this USB drive. Does it come securely packaged? Is the person you received the drive from who they say they are? If it is truly from a reputable vendor, the USB drive will come in its original packaging. All loose USB keys sent to you in an envelope or provided by a stranger should be handled with great care.
What could possibly go wrong? Here are a number of things:
The thumb drive could install surveillance software, like keyloggers. This involves installing a program on your computer that waits a certain time to wake up before allowing bad actors to surveil your entire system.
Some USB attacks install ransomware for financial gain and will ask you for money in return for access to your files.
Beachhead software is often used by crypto-miners. This software is not typically malicious but parasitical in that it exploits and utilizes your computer. In this scenario, a beachhead gets installed that allows a bad actor to access your system at an admin or privileged level. This allows them to run numbers on your computer for their own cryptocurrency mining purposes.
Cryptocurrency is based on serial numbers that are exceedingly rare. Crypto-miners get Bitcoin once they determine these serial numbers. However, it takes a long time to run combinations of numbers to produce a serial number. The type of math needed to mine Bitcoin makes computer video cards run very hot. The expense for air conditioning is significant, which has led to cryptocurrency miners buying old submarines and mines to cool their systems.
Most crypto-miners aren't able to build such large facilities, so they build crypto-mining apps that allow them to spread out the effort. These apps install software on other people's computers to crunch cryptocurrency numbers. They chug away in the background on your computer, communicating continuously on the Internet. These apps make your computer a bit slower but otherwise are indiscernible.
If you think that you may have fallen victim to a USB attack, immediately log off your network, disconnect the wireless connectivity, and unplug your computer. Get in touch with your IT department or seek guidance from an IT software services firm right away.
To prevent this form of attack, it's always important to be suspicious of all USB drives that could have been handled by someone you do not know. The first step in prevention starts with awareness. Keep your staff up to date on how common these attacks are, and how quickly and easily they can be tricked by cybercriminals.
A well-rounded cybersecurity plan can also help minimize the effects of these attacks. The following are best practices to prevent thumb drive attacks:
Install and maintain endpoint security software on your computer.
Make sure you have a software firewall.
Never connect a USB thumb drive to your computer unless it is one you bought at a reputable store.
Never plug an unknown USB drive into your computer. When a USB drive is found unattended, pick it up and advise your IT department. There are ways to get it to its rightful owner that don't involve seeing the files. They could examine it on an air-gapped computer, for example.
Disable AutoRun on your machine. AutoRun is a feature that allows Windows to automatically run the startup program when a CD, DVD or USB device is inserted into a drive. AutoRun also automatically shows the contents of the USB device such as an iPod or thumb drive when it is inserted into a computer. Contact an IT services firm or your computer reseller if you need help disabling AutoRun.
In a corporate context, a comprehensive cybersecurity policy will help communicate the need to be wary of USB drives.
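The AutoRun item in the list above can be verified on a Windows machine rather than assumed. The PowerShell below is an added example, not part of the original article; the function names are illustrative, and it relies on the standard NoDriveTypeAutoRun policy value, in which each set bit turns AutoRun off for one drive type.

```powershell
# Added example: audit (and optionally enforce) the AutoRun policy bitmask.
# Function names are illustrative; the registry value is the standard Windows policy.
$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DriveTypeBits = [ordered]@{
    'Unknown'        = 0x01
    'No root dir'    = 0x02
    'Removable'      = 0x04   # USB thumb drives fall here
    'Fixed'          = 0x08
    'Network'        = 0x10
    'CD-ROM'         = 0x20
    'RAM disk'       = 0x40
    'Reserved/other' = 0x80
}

function Get-AutoRunPolicy {
    # The machine-wide value takes precedence, so check HKLM before HKCU.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key  = "$hive\$PolicyPath"
        $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $key; Mask = [int]$item.NoDriveTypeAutoRun }
        }
    }
    return $null   # not configured in either hive
}

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # A cleared bit means AutoRun is still allowed for that drive type.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

function Set-AutoRunDisabled {
    # Needs an elevated session. 0xFF sets every bit: AutoRun off for all drive types.
    $key = "HKLM:\$PolicyPath"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Output 'NoDriveTypeAutoRun is not set; Windows defaults apply.'
} else {
    $enabled = @(Get-AutoRunEnabledTypes -Mask $policy.Mask)
    Write-Output ('{0} = 0x{1:X2}' -f $policy.Source, $policy.Mask)
    if ($enabled.Count -eq 0) { Write-Output 'AutoRun is disabled for all drive types.' }
    else { Write-Output ('AutoRun still enabled for: ' + ($enabled -join ', ')) }
}
```

The script only reports by default; call Set-AutoRunDisabled from an elevated session to enforce the setting, and on domain-joined machines manage the same value through Group Policy instead.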
Everyone could benefit from some security awareness. Get in touch with CITI and we'll train your staff on how to prevent USB drive attacks and other types of cybercrime.