If you ever find a Universal Serial Bus (USB) drive in your driveway, a parking lot, or another common place, never plug it into your PC. The simple-looking USB drive might contain malicious software or code to carry out a USB drop attack.
What Is a USB Drop Attack?
In a USB drop attack, a cybercriminal strategically places an infected USB drive near a victim so that the target can find it and plug it into a computer out of curiosity.
USB drop attacks are social engineering attacks that rely on how humans think and act in different situations.
When a person finds a USB drive, they either want to return it to its real owner or keep it.
In both cases, they will likely plug the USB stick into a device to find out what it contains.
And when the USB drive is plugged in, the problems start.
Types of USB Attacks
1. Social Engineering
The USB drive contains files with inviting names like “Top Secret”.
These files contain links to malicious sites.
Clicking on them takes victims to phishing sites that can dupe victims into sharing confidential information, giving money, or installing malware on their computers.
This is one of the most common types of USB drop attacks.
The USB drive contains files that release malicious code when somebody clicks on them, installing malware automatically on the victim’s system.
Then, attackers can steal confidential data or, in the case of ransomware, encrypt files.
Human Interface Device Spoofing
In a Human Interface Device (HID) spoofing attack, a connected USB drive tricks the computer into thinking that a keyboard is attached.
Then, the USB drive injects pre-configured keystrokes that give hackers remote access to the computer.
When the remote connection is established, hackers can steal confidential information or install various types of malware on the victim’s computer.
USBKill attacks are designed to destroy computers.
In such an attack, a USBKill stick that looks precisely the same as any other USB thumb drive stores power using a capacitor.
It then releases a high voltage back through the data pins of that same USB connection.
This destroys the computer, as USB data pins are designed to handle only a tiny amount of power, just enough to send signals.
Why Do Cybercriminals Attempt USB Drop Attacks?
Why would hackers try USB drop attacks?
There are many key reasons.
Using such an attack, cybercriminals can:
- Steal logins and passwords;
- Install ransomware to encrypt data or exfiltrate data;
- Take over victims’ computers remotely to spy on them by using their webcams and microphones;
- Destroy victims’ computers.
But the main objective of USB drop attacks is money.
When hackers get hold of your sensitive data or device, they can ask for a ransom after encrypting your data or sell your confidential information on the dark web to make cash.
How to Prevent a USB Drop Attack?
You might often need to open a USB drive without knowing whether it is free from viruses or malware.
Let’s take an example: your friend or relative has asked you to print a few documents from a USB drive.
You would just trust that everything is fine, right?
They might not even be aware that the USB drive is compromised.
Also, there are sometimes situations when you have to know what’s on an unfamiliar USB drive.
There are some efficient ways to help you avoid falling victim to a USB drop attack.
Use Trusted USB Drives
The best way to avoid a USB attack is to plug only trusted USB devices into your computer.
If you’re not sure whether a USB drive is clean or not, avoid plugging it into your computer system.
Install a Reliable and Updated Security Program
Installing and regularly updating a comprehensive antivirus program can protect your computer system from many known threats.
Make sure your PC has the latest security software installed.
If the nature of your work requires you to open unknown USB drives frequently, you should look for a security solution that has capabilities beyond virus and malware mitigation.
The security solution you choose must have a feature that will not authorize any HIDs unless you input a code with an already authorized HID.
This feature will protect your computer system from HID spoofing.
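A lightweight check in the same spirit, as an added PowerShell example that is not part of the original article: it records the keyboards Windows currently sees and, on later runs, reports any keyboard-class device outside that baseline. The baseline file location and the function names are assumptions made for this sketch.

```powershell
# Added example. $BaselinePath is an assumed location; choose one that only
# administrators can modify.
$BaselinePath = Join-Path $env:ProgramData 'kbd-baseline.txt'

function Get-KeyboardIds {
    # Every present device Windows has enumerated in the Keyboard class.
    # A USB stick that presents itself as a HID keyboard shows up here too.
    Get-PnpDevice -Class Keyboard -PresentOnly |
        Select-Object -ExpandProperty InstanceId |
        Sort-Object -Unique
}

function Find-UnknownKeyboard {
    param([string[]]$Current, [string[]]$Baseline)
    foreach ($id in $Current) {
        if ($Baseline -notcontains $id) {
            # Pull the USB vendor/product IDs out of the instance ID when present.
            $vidPid = 'n/a'
            if ($id -match 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
                $vidPid = '{0}:{1}' -f $Matches[1], $Matches[2]
            }
            [pscustomobject]@{ InstanceId = $id; VidPid = $vidPid }
        }
    }
}

if (-not (Test-Path $BaselinePath)) {
    # First run: record the keyboards that are attached right now.
    Get-KeyboardIds | Set-Content -Path $BaselinePath
    "Baseline written to $BaselinePath"
} else {
    $unknown = Find-UnknownKeyboard -Current (Get-KeyboardIds) -Baseline (Get-Content $BaselinePath)
    if ($unknown) { $unknown | Format-Table -AutoSize }
    else { 'No keyboards outside the baseline.' }
}
```

Create the baseline while only your own keyboards are attached, then run the script again after connecting an unfamiliar USB device: a "storage" stick that appears in the output has registered itself as a keyboard.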
Disable AutoPlay on Your PC
The AutoPlay feature is a helpful feature in Windows.
It allows Windows Explorer to automatically perform different actions depending on the media type on the connected device.
But with AutoPlay enabled, malicious code or malware can be executed automatically when you connect an infected USB drive to your computer system.
So, disabling the AutoPlay feature can help you avoid getting infected when inserting unknown USB drives into your Windows PC.
How to disable AutoPlay on a Windows PC?
Follow these steps:
- Go to Settings.
- Then go to Bluetooth and devices.
- Scroll down in the right sidebar.
- Click on the AutoPlay tab.
- Toggle off the Use AutoPlay for all media and devices option.
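The same setting can be checked and applied from PowerShell, which helps when several PCs or user accounts need it. This is an added example, not part of the original article; the function names are made up for illustration, while `DisableAutoplay` is the per-user registry value behind the Settings toggle and `NoDriveTypeAutoRun` is the Windows policy value for AutoRun.

```powershell
# Added example: audit and disable AutoPlay/AutoRun.
$userKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoPlayState {
    # Read both values; a missing value means Windows is using its default.
    $user = (Get-ItemProperty -Path $userKey -Name DisableAutoplay -ErrorAction SilentlyContinue).DisableAutoplay
    $pol  = (Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $polText = 'not set'
    if ($null -ne $pol) { $polText = '0x{0:X}' -f $pol }
    [pscustomobject]@{
        UserAutoPlayDisabled  = ($user -eq 1)      # what the Settings toggle controls
        NoDriveTypeAutoRun    = $polText
        AutoRunOffForAllTypes = ($pol -eq 0xFF)    # 0xFF covers every drive type
    }
}

function Disable-AutoPlay {
    param([switch]$MachineWide)   # machine-wide policy needs an elevated prompt
    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    Set-ItemProperty -Path $userKey -Name DisableAutoplay -Value 1 -Type DWord
    if ($MachineWide) {
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

Get-AutoPlayState      # audit first
Disable-AutoPlay       # per-user, same effect as the toggle in Settings
Get-AutoPlayState      # confirm the change
```

Run `Disable-AutoPlay -MachineWide` from an elevated prompt to also set the policy for every account on the PC.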
Use Virtualization Software to Open USB Drives
Although this is not a foolproof method, opening an unknown USB drive in a virtual environment to find out what it contains can offer you reasonable protection.
You can use Oracle’s free VirtualBox program to create a virtual environment on your computer.
Make sure you disable file sharing between the host computer and the virtual machine before connecting an unfamiliar USB device to a virtual machine on your computer.
Use an Air-Gapped Computer
If you need to know what a USB drive contains, use an air-gapped computer.
An air-gapped computer is a PC that is not connected to any computer network or the internet.
And you should use this air-gapped computer only for opening unknown USB drives.
Don’t Take Dropped USB Drives
Carrying out USB drop attacks is easy for hackers, as USB flash drives are inexpensive to buy.
The best way to protect yourself from a USB drop attack or any other type of attack involving a USB drive is simply to never trust an unknown USB drive.
If you must open an unknown USB drive, using an air-gapped PC or a virtual environment can offer reasonable protection.
If other family members use your PC, disabling USB ports can be a good strategy to stay protected.