What is a USB Drop Attack?

A USB drop attack occurs when an attacker places a seemingly innocent USB drive containing malicious code in the vicinity of a victim who might plug it into a computer. This infected USB then acts as the medium for hackers to carry out their attacks.

How does it take place?

A USB drop attack takes advantage of our innate curiosity, which is why it is often successful. A user who plugs in an unknown USB is vulnerable to the following attacks:

  • Social engineering - USB baiting, which is a type of social engineering attack, tricks gullible users into clicking files with inviting names such as "confidential.txt." These files contain links which take them to phishing sites that harvest their credentials.
  • Malicious code - This attack is a basic one; a user clicks on a file hoping to find information in it. Instead, the file unleashes a malicious code that infects and damages the computer.
  • Human Interface Device (HID) spoofing - The most sophisticated form of drop attack, HID spoofing, aims to misdirect computers into thinking that the plugged in USB device is a keyboard. Once it is plugged in, the USB device injects preconfigured keystrokes that give hackers remote access to the system.
  • Zero-day attack - This attack takes advantage of the existing vulnerabilities in a machine's software. The malicious code present in the infected USB drive uses the unpatched vulnerabilities in the software to damage the system. While this is similar to the malicious code attack, it specifically exploits hidden vulnerabilities and cannot be fixed until a patch is deployed.

Where has it happened before?

Though USB drop attacks are low-intensity attacks, they have created problems in the past.

  • The Stuxnet worm attack - In January 2010, several centrifuges of Iran's Natanz nuclear facility started failing. A few days later, many of the computers at the facility started crashing due to unknown reasons, resulting in a decline in productivity. An investigation pointed to a worm named Stuxnet that had made its way into the systems through a USB found abandoned. The infected USB drive was plugged into a worker's computer, and the worm spread to other computers. This worm enabled its perpetrators to gain access to the system, where they were then able to control the working of the nuclear plant and reduce its efficiency by about 30 percent. This was one of the most well-known attacks in history that originated from a USB drop attack.
  • The U.S. Military cyberattack - In 2008, an infected USB drive left in the parking lot of a U.S. defense facility in the Middle East was plugged into a laptop. The malicious code then unleashed and spread undetected to both classified and unclassified systems. The worm identified and leaked sensitive data via backdoors to a remote server. The military dedicated almost 14 months cleaning the worm from its networks.

The DataSecurity Plus solution

The best way to protect yourself from a USB drop attack is to avoid plugging unknown USB devices into computers. Sometimes, unintentional actions happen, but for these situations there are options to minimize the consequences. In the event of an attack, DataSecurity Plus can help you limit and mitigate the damage by:

Monitoring all USB actions

Ensure that all USB data transfer actions are monitored and reported in real time, along with the crucial details such as the when, what, who, and where of the process.

Triggering instant alerts in case of threats

Receive instantaneous email alerts when a sudden spike in data transfer activities to a USB device is observed.

Automating ransomware threat responses

Detect ransomware attacks in real time, alert, and quarantine the infected system immediately to minimize the damage.

Preventing data leaks from USB devices

Detect when critical files are copied to USB devices, and stop such actions using data leak prevention policies.

Email Download Link