What is a USB Drop Attack?
A USB drop attack occurs when an attacker places a seemingly innocent USB drive containing malicious code in the vicinity of a victim who might plug it into a computer. This infected USB then acts as the medium for hackers to carry out their attacks.
How does it take place?
A USB drop attack takes advantage of our innate curiosity, which is why it is often successful. A user who plugs in an unknown USB is vulnerable to the following attacks:
- Social engineering - USB baiting, which is a type of social engineering attack, tricks gullible users into clicking files with inviting names such as "confidential.txt." These files contain links that take them to phishing sites that harvest their credentials.
- Malicious code - This attack is a basic one; a user clicks on a file hoping to find information in it. Instead, the file unleashes malicious code that infects and damages the computer.
- Human Interface Device (HID) spoofing - The most sophisticated form of drop attack, HID spoofing, aims to misdirect computers into thinking that the plugged-in USB device is a keyboard. Once it is plugged in, the USB device injects preconfigured keystrokes that give hackers remote access to the system.
- Zero-day attack - This attack takes advantage of the existing vulnerabilities in a machine's software. The malicious code present in the infected USB drive uses the unpatched vulnerabilities in the software to damage the system. While this is similar to the malicious code attack, it specifically exploits hidden vulnerabilities, which cannot be fixed until a patch is deployed.
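The HID spoofing item above describes a device that poses as a keyboard and injects preconfigured keystrokes as soon as it is plugged in, which a defender can look for in keystroke timing. The following Python is an added example, not part of the original article; the event format, device ids and thresholds are assumptions, and the sample events are constructed.

```python
from statistics import median

# Thresholds are assumptions for this example, not measured values.
MAX_MEDIAN_GAP = 0.030  # seconds; a faster median gap than this is not human typing
ATTACH_WINDOW = 5.0     # seconds; typing that starts this soon after plug-in is suspect
MIN_KEYS = 8            # keystrokes needed before timing is judged at all

def find_injecting_keyboards(events):
    """Return ids of keyboards whose first keystrokes look machine-generated.

    events: (timestamp_seconds, device_id, kind) tuples sorted by time,
    where kind is "attach" (device enumerated as a keyboard) or "key".
    """
    attached, keys = {}, {}
    for ts, dev, kind in events:
        if kind == "attach":
            attached[dev], keys[dev] = ts, []
        elif kind == "key" and dev in attached:
            keys[dev].append(ts)
    flagged = []
    for dev, stamps in keys.items():
        if len(stamps) < MIN_KEYS:
            continue  # too little data; stay silent rather than guess
        burst = stamps[:32]  # judge only the first burst after plug-in
        gaps = [b - a for a, b in zip(burst, burst[1:])]
        typed_at_once = stamps[0] - attached[dev] <= ATTACH_WINDOW
        if typed_at_once and median(gaps) < MAX_MEDIAN_GAP:
            flagged.append(dev)
    return flagged

def _keys(dev, start, gaps):
    """Build constructed key events for one device from a list of gaps."""
    out, t = [], start
    for gap in gaps:
        out.append((round(t, 3), dev, "key"))
        t += gap
    return out

# Constructed sample data: device ids and timings are made up.
HUMAN_GAPS = [0.18, 0.22, 0.15, 0.31, 0.12, 0.27, 0.19, 0.24, 0.16, 0.21]
SAMPLE_EVENTS = sorted(
    [(10.0, "kbd-desk", "attach"), (300.0, "usb-found", "attach"),
     (500.0, "kbd-replugged", "attach")]
    + _keys("kbd-desk", 42.0, HUMAN_GAPS)        # person typing, long after attach
    + _keys("usb-found", 301.2, [0.005] * 40)    # 40 keys, 5 ms apart, 1.2 s after attach
    + _keys("kbd-replugged", 502.0, HUMAN_GAPS)  # typed soon after attach, human pace
)

if __name__ == "__main__":
    print(find_injecting_keyboards(SAMPLE_EVENTS))
```

Timing is a heuristic: a hit is a reason to check which device was just attached, not proof of an attack.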
Where has it happened before?
Though USB drop attacks are low-intensity attacks, they have created problems in the past.
- The Stuxnet worm attack - In January 2010, several centrifuges of Iran's Natanz nuclear facility started failing. A few days later, many of the computers at the facility started crashing due to unknown reasons, resulting in a decline in productivity. An investigation pointed to a worm named Stuxnet that had made its way into the systems through a USB drive found abandoned. The infected USB drive was plugged into a worker's computer, and the worm spread to other computers. This worm enabled its perpetrators to gain access to the system, where they were then able to control the working of the nuclear plant and reduce its efficiency by about 30 percent. This was one of the most well-known attacks in history that originated from a USB drop attack.
- The U.S. Military cyberattack - In 2008, an infected USB drive left in the parking lot of a U.S. defense facility in the Middle East was plugged into a laptop. The malicious code was then unleashed and spread undetected to both classified and unclassified systems. The worm identified and leaked sensitive data via backdoors to a remote server. The military spent almost 14 months cleaning the worm from its networks.