USB phishing involves attackers using physical USB devices to deliver malware, steal sensitive information or obtain unauthorised access to computer systems.
The practice is also referred to as a USB drop attack or USB baiting.
Cybercriminals leave malicious USB drives in public places or may send them directly to the intended victim.
These drives may look harmless, but once inserted, they install malware or lead users to phishing websites that request sensitive information like passwords or financial details.
Some USB devices also employ HID (Human Interface Device) spoofing: the device identifies itself to the operating system as a keyboard or mouse rather than as storage, and the OS accepts whatever keystrokes it sends, with no action from the victim beyond plugging it in.
Typically these keystrokes open a command prompt and run commands that disable security controls, download a payload or enable remote access. Because the host trusts the device as a keyboard, the attack works even where AutoRun is disabled and no file on the drive is ever opened.
Once a victim opens what appears to be innocent files or applications, they activate malware that may:
The idea that USB drives would be used to infiltrate systems now seems outdated and is reminiscent of cyberattacks in the early 2000s.
This perception may have been created by the Stuxnet attack in 2010, which many see as a historical (and not contemporary) threat.
What’s more, some people are surprised that USB sticks are still relevant in the era of cloud computing and other wireless technology.
So why do these attacks still pose a security threat?
USB phishing exploits natural human behaviour, which is difficult for even the most advanced cybersecurity systems to counter.
People tend to be curious by nature and will insert a USB drive to explore its contents. Attackers understand this, and will even name files to pique the interest of victims.
Something else criminals understand is social engineering, which is a practice that takes advantage of human behavioural tendencies.
In the context of USB phishing, attackers exploit these tendencies to manipulate, influence and deceive victims into divulging sensitive information or relinquishing control of their systems.
The importance of curiosity was demonstrated in a 2016 experiment in which nearly 300 USB drives were dropped at random locations on the University of Illinois campus.
Around 98% of the drives were picked up by students and staff, and 45% of those who picked one up opened one or more files. Curiosity was one of the main drivers, but the researchers posited that individuals were also motivated by altruism and wanted to return the drives to their owners.
As we touched on earlier, the sophistication of USB attacks has also increased.
The SOGU attack of 2023 is one such example, with USB devices preloaded with malware distributed to companies in key industries such as pharmaceuticals, IT and energy.
Such was its significance that cybersecurity firm Mandiant called it “one of the most aggressive cyber espionage campaigns targeting both public and private sector organizations globally across industry verticals”.
The SOGU attack was also part of a broader resurgence of USB phishing in 2023. The trend was particularly detrimental for multinationals that operate in Africa where the use of USB drives is still widespread.
USB phishing cannot be eliminated by technology alone for the reasons already mentioned, and while curiosity and altruism should never be discouraged, individuals need to exercise caution around unknown USB devices.
Here are some measures organisations can take to stop USB phishing in its tracks.
Employee education on the dangers of inserting unknown USB devices into computers is essential, especially in industries that handle sensitive data like finance. Security awareness should also involve the development of a strict policy on USB device usage.
Simulated attacks that include “USB drops” can test employee awareness and strengthen their ability to identify threats. Simulations also identify the users most likely to explore an unknown device and help the company understand where its vulnerabilities lie.
Endpoint protection software can detect and block malicious files on a USB drive when it is mounted or when a user opens them.
Such software identifies known malware, trojans and disguised executables that typically form part of a USB attack, and flags suspicious behaviour such as a freshly opened document spawning a shell or contacting an unknown host; it then blocks the activity or alerts the security team for further action. Keystrokes from an HID-spoofing device look like ordinary typing to the operating system, so endpoint tools catch those attacks only through what the typed commands go on to do.
One noteworthy feature of endpoint protection suites is device control, which lets administrators specify which USB devices may connect to managed endpoints, typically by device class, vendor and product ID, or serial number.
For instance, admins can specify that only encrypted, company-issued drives may be mounted, that unknown storage is blocked or mounted read-only, and that a newly attached keyboard-class device requires approval.
Such software also produces detailed logs of USB connections (device identifiers, host, user and time), which lets businesses audit USB usage and spot unauthorised devices.
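The following is an added example and not code from the original article. It turns the device-control and logging controls just described, together with the HID-spoofing behaviour described earlier, into detection logic: it parses Linux kernel USB enumeration messages (the sample lines are constructed for this example, not real logs), groups them per device, and raises an alert when a device presents both a mass-storage and a keyboard interface, the classic signature of an HID-spoofing "rubber ducky" style drive, or when a storage device is not on a hypothetical allow-list of company-issued vendor/product IDs. The allow-list entry and all device identifiers are assumptions made for the example. The same logic applies to Windows hosts using the device-installation events in the event log, but the parsing would differ.

```python
import re
from dataclasses import dataclass, field

# Hypothetical allow-list of company-issued drives as (idVendor, idProduct) hex pairs.
APPROVED_STORAGE = {("0781", "5583")}

TIMESTAMP = re.compile(r"^\[\s*[\d.]+\]\s*")
NEW_DEVICE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
PRODUCT = re.compile(r"usb (?P<port>[\d.-]+): Product: (?P<name>.+)$")
MASS_STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")
# An input device registered under a USB interface path such as .../usb1/1-2/1-2:1.0/...
HID_INPUT = re.compile(
    r"^input: .+ as \S*/usb\d+/(?:[\d.-]+/)*(?P<port>[\d.-]+)/(?P=port):\d+\.\d+/")


@dataclass
class UsbDevice:
    port: str
    vid: str
    pid: str
    product: str = ""
    interfaces: set = field(default_factory=set)  # subset of {"storage", "hid"}


def parse_kernel_log(lines):
    """Group kernel USB messages by port (e.g. '1-2') into UsbDevice records."""
    devices = {}
    for raw in lines:
        line = TIMESTAMP.sub("", raw.strip())
        if m := NEW_DEVICE.search(line):
            devices[m["port"]] = UsbDevice(m["port"], m["vid"], m["pid"])
        elif (m := PRODUCT.search(line)) and m["port"] in devices:
            devices[m["port"]].product = m["name"]
        elif (m := MASS_STORAGE.search(line)) and m["port"] in devices:
            devices[m["port"]].interfaces.add("storage")
        elif (m := HID_INPUT.search(line)) and m["port"] in devices:
            devices[m["port"]].interfaces.add("hid")
    return devices


def assess(devices, approved=APPROVED_STORAGE):
    """Return alert strings for devices that violate the device-control policy."""
    alerts = []
    for dev in devices.values():
        ident = f"{dev.vid}:{dev.pid} '{dev.product}' on port {dev.port}"
        # A drive that also registers as a keyboard is the HID-spoofing pattern.
        if {"storage", "hid"} <= dev.interfaces:
            alerts.append(f"HID spoofing suspected: storage device also registers as a keyboard: {ident}")
        if "storage" in dev.interfaces and (dev.vid, dev.pid) not in approved:
            alerts.append(f"Unapproved storage device: {ident}")
    return alerts


# Constructed sample log: an approved drive, an HID-spoofing composite device, an unknown stick.
SAMPLE_LOG = """
[  812.101] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[  812.250] usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
[  812.251] usb 1-1: Product: Ultra Fit
[  812.260] usb-storage 1-1:1.0: USB Mass Storage device detected
[  903.410] usb 1-2: new full-speed USB device number 5 using xhci_hcd
[  903.560] usb 1-2: New USB device found, idVendor=f000, idProduct=ff02, bcdDevice= 1.00
[  903.561] usb 1-2: Product: Keyboard
[  903.580] input: Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:F000:FF02.0001/input/input12
[  903.600] usb-storage 1-2:1.1: USB Mass Storage device detected
[  950.000] usb 1-3: New USB device found, idVendor=090c, idProduct=1000, bcdDevice=11.00
[  950.001] usb 1-3: Product: Flash Disk
[  950.020] usb-storage 1-3:1.0: USB Mass Storage device detected
""".strip().splitlines()

if __name__ == "__main__":
    for alert in assess(parse_kernel_log(SAMPLE_LOG)):
        print(alert)
```

Fed the sample above, the approved drive on port 1-1 produces nothing, the composite device on 1-2 produces an HID-spoofing alert plus an unapproved-storage alert, and the unknown stick on 1-3 produces an unapproved-storage alert. Vendor and product IDs are trivially forged by a malicious device, so the allow-list is a hygiene control for honest mistakes; the interface-combination rule is the one that catches a deliberately disguised device.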
Encryption of company-issued USB drives protects the data on them if a drive is lost or stolen.
These drives encrypt data as it is written, either in software or in a hardware controller on the device; without the passphrase or key, the stored data is unreadable to whoever ends up with the drive.
Most modern encrypted drives use AES-256, the same standard used for data at rest across industries; the practical weaknesses are in passphrase handling and the implementation, not the cipher. Note that encrypting your own drives does nothing against an attacker-supplied drive. Its value is in protecting the company's data and in giving device control a clear allow-list, since only the corporate encrypted model needs to be permitted.
However, encrypted USB devices (and the associated management software) are more expensive than standard drives.
AutoRun is a Windows feature that executes a program named in an autorun.inf file when removable media is connected; the related AutoPlay feature prompts the user with actions such as opening the drive in Explorer, which still gets the victim one click away from the attacker's files.
Attackers have abused AutoRun by placing malware and an autorun.inf on a drive so the payload runs as soon as the drive is inserted. Since Windows 7 (and update KB971029 on earlier versions), Windows no longer honours autorun.inf on USB mass-storage devices, only on CDs and DVDs, but older or unpatched hosts remain exposed and AutoPlay prompts remain on by default. The best course of action is to disable both through the Group Policy setting "Turn off Autoplay" for all drives, which writes the registry value NoDriveTypeAutoRun = 0xFF under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer. Bear in mind that HID-spoofing devices do not rely on AutoRun at all, since their payload is typed rather than executed from the drive, so this control must be combined with device control and the security hygiene measures above.
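Added example, not code from the original article: an audit of the NoDriveTypeAutoRun policy value that controls AutoRun and AutoPlay per drive type. The value is a bitmask over the Windows drive-type constants (a set bit disables AutoRun for that type), Windows uses 0x91 when no policy is set, the "All drives" policy writes 0xFF, and Explorer honours the HKLM policy over HKCU. The function below parses constructed samples of `reg query` output for the Policies\Explorer key in both hives (constructed for this example, not captured from a real host), works out the effective mask, and reports which drive types can still AutoRun, so a per-user setting that is silently overridden by a weaker machine-wide value shows up as the weak configuration it is.

```python
import re

# Bits of the NoDriveTypeAutoRun mask, using the Windows GetDriveType() constants.
# A set bit disables AutoRun/AutoPlay for that drive type.
DRIVE_TYPES = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB flash drives
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_RESERVED",    # drive types not yet defined
}
WINDOWS_DEFAULT = 0x91  # built-in default when no policy sets the value (Windows 7 and later)
ALL_DRIVES = 0xFF       # what the "Turn off Autoplay: All drives" policy writes

KEY_LINE = re.compile(r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\")
VALUE_LINE = re.compile(r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_reg_query(output):
    """Map hive name -> NoDriveTypeAutoRun value from `reg query` output of the Policies\\Explorer key."""
    values, hive = {}, None
    for line in output.splitlines():
        if m := KEY_LINE.match(line):
            hive = m.group(1)
        elif hive and (m := VALUE_LINE.match(line)):
            values[hive] = int(m.group(1), 16)
    return values


def effective_mask(values):
    """Explorer applies the HKLM policy over HKCU; with neither set it uses the built-in default."""
    return values.get("HKEY_LOCAL_MACHINE", values.get("HKEY_CURRENT_USER", WINDOWS_DEFAULT))


def autorun_enabled_types(mask):
    """Drive types whose bit is clear, i.e. for which AutoRun/AutoPlay is still permitted."""
    return [name for bit, name in DRIVE_TYPES.items() if not mask & bit]


def audit(output):
    mask = effective_mask(parse_reg_query(output))
    enabled = autorun_enabled_types(mask)
    return {"mask": mask, "enabled": enabled, "removable_blocked": "DRIVE_REMOVABLE" not in enabled}


# Constructed `reg query` output for three hosts (hypothetical, not real captures).
UNCONFIGURED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
"""
PER_USER_ONLY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
HARDENED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""

if __name__ == "__main__":
    for name, sample in [("unconfigured", UNCONFIGURED), ("per-user only", PER_USER_ONLY), ("hardened", HARDENED)]:
        result = audit(sample)
        print(f"{name}: mask=0x{result['mask']:02x} still enabled for {result['enabled'] or 'nothing'}")
```

On a real host the input comes from `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun` and the HKCU equivalent. The default 0x91 leaves removable, fixed and optical drives enabled, and the per-user 0xFF in the second sample is overridden by the machine-wide 0x91, which is why the check reports the effective value rather than whichever value was last set.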