Did you find a stray USB stick, maybe at your school or in a parking lot? You might be tempted to plug it into your PC, but you could open yourself up to attack or, even worse, permanently damage your machine. Here’s why.
USB drives can spread malware
Probably the most common threat posed by a USB flash drive is malware. Infection via this method can be both intentional and unintentional, depending on the malware in question.
Perhaps the most famous example of USB-delivered malware is the Stuxnet worm, which was first discovered in 2010. This malware used four zero-day exploits against Windows versions from Windows 2000 to Windows 7 (and Server 2008) and wreaked havoc on approximately 20% of Iranian nuclear centrifuges. Since these facilities were not accessible via the Internet, Stuxnet is believed to have been introduced directly using a USB device.
A worm is just one example of self-replicating malware that can spread in this way. USB drives can also spread other types of security threats like Remote Access Trojans (RATs) which give a potential attacker direct control of the target, keyloggers which monitor keystrokes to steal credentials and ransomware that demands money in exchange for access to your operating system or data.
Ransomware is a growing problem and USB-based attacks are not uncommon. At the beginning of 2022, the FBI released details about a group called FIN7 that sent USB drives to American companies. The group attempted to impersonate the US Department of Health and Human Services by including USB devices with letters referencing COVID-19 guidelines, and also sent infected drives in Amazon-branded gift boxes with counterfeit thank-you notes and gift cards.
In this particular attack, the USB drives presented themselves to the target computer as keyboards, sending keystrokes that executed PowerShell commands. In addition to installing ransomware like BlackMatter and REvil, the FBI reported that the group was able to gain administrative access to target machines.
This attack demonstrates how exploitable USB devices are. Most of us expect USB-connected devices to “just work”, whether they’re removable drives, gamepads, or keyboards. Even if you have configured your computer to scan all incoming drives, if a device disguises itself as a keyboard, you are still open to attack.
In addition to USB drives used to deliver a payload, drives can just as easily become infected by being plugged into compromised computers. These newly infected USB devices are then used as vectors to infect more machines, like yours. This is how it is possible to pick up malware from public machines, such as those you might find in a public library.
“USB killers” can fry your computer
While USB-delivered malware poses a very real threat to your computer and data, there is a potentially even greater threat in the form of “USB killers” that can physically harm your computer. These devices created quite a splash in the mid-2010s, the best known being the USBKill, which is (at the time of writing) in its fourth iteration.
This device (and others like it) discharges energy into anything it is plugged into, causing permanent damage. Unlike a software attack, a “USB killer” is designed only to damage the target device at the hardware level. Data recovery from disks may be possible, but components such as the USB controller and motherboard are unlikely to survive the attack. USBKill claims that 95% of devices are vulnerable to such an attack.
These devices do not only affect your computer via USB; they can also be used to deliver a powerful shock to other ports, including those on smartphones that use proprietary ports (like Apple’s Lightning connector), smart TVs and monitors (even over DisplayPort) and network devices. While early versions of the USBKill “penetration test device” reused power supplied by the target computer, newer versions contain internal batteries that can be used even against devices that are not powered on.
The USBKill V4 is a branded security tool used by private companies, defense companies and law enforcement around the world. We found similar unbranded devices for less than $9 on AliExpress, which look like standard USB flash drives. These are the USB drives you’re much more likely to encounter in the wild, with no real tell-tale signs of the damage they can cause.
How to handle potentially dangerous USB devices
The easiest way to protect your devices from harm is to examine each device you connect. If you don’t know where a drive came from, don’t touch it. Stick to the brand new drives you own and bought yourself, and keep them exclusive to the devices you trust. This means not using them with public computers that could be compromised.
You can buy USB sticks that allow you to restrict write access, which you can lock before plugging them in (to prevent malware being written to your drive). Some drives come with passcodes or physical keys that hide the USB connector so it can’t be used by anyone but you (although they aren’t necessarily tamper-proof).
Although USB killers can cost you hundreds or thousands of dollars in property damage, you’re not likely to encounter one unless someone specifically targets you.
Malware can ruin your day or your entire week, and some ransomware will take your money and destroy your data and operating system anyway. Some malware is designed to encrypt your data in a way that makes it unrecoverable, and the best defense against any type of data loss is to always have a solid backup solution. Ideally, you should have at least one local backup and one remote backup.
When it comes to transferring files between computers or individuals, cloud storage services like Dropbox, Google Drive, and iCloud Drive are more convenient and secure than USB devices. Large files can still be a problem, but there are dedicated cloud storage services for sending and receiving large files that you can turn to instead.
In circumstances where drive sharing is unavoidable, make sure other parties are aware of the dangers and take steps to protect themselves (and you by extension). Running some sort of anti-malware software is a good start, especially if you’re using Windows.
Linux users can install USBGuard and use a simple whitelist and blacklist to allow and block access on a case-by-case basis. With Linux malware becoming more prevalent, USBGuard is a simple, free tool you can use to add additional malware protection.
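The allowlist approach described above, as an added Python example that is not part of the original article and is not USBGuard's own code: it decides per device from the USB interface classes the device announces, so a "drive" that presents itself as a keyboard is caught. The verdict names follow USBGuard's allow, block and reject targets; the device IDs, serials and the TRUSTED set are constructed sample values.

```python
from fnmatch import fnmatchcase

# USB interface descriptors written as class:subclass:protocol (hex).
MASS_STORAGE = "08:*:*"   # class 08 = mass storage (flash drives)
HID = "03:*:*"            # class 03 = human interface device
KEYBOARD = "03:*:01"      # HID protocol 01 = keyboard

# Hypothetical allowlist of devices you own: (vendor:product, serial).
TRUSTED = {("1234:5678", "OWN-DRIVE-0001"), ("1234:9abc", "OWN-KEYB-0001")}

def has(interfaces, pattern):
    return any(fnmatchcase(i, pattern) for i in interfaces)

def decide(dev):
    """Return (verdict, reason) for one device description."""
    ifs = dev["interfaces"]
    # A "flash drive" that can also type is refused even if its ID looks
    # familiar, because vendor/product IDs and serials can be copied.
    if has(ifs, MASS_STORAGE) and has(ifs, HID):
        return "reject", "storage combined with an input interface"
    if (dev["id"], dev["serial"]) in TRUSTED:
        return "allow", "on the allowlist"
    if has(ifs, KEYBOARD):
        return "block", "unknown device announcing itself as a keyboard"
    return "block", "not on the allowlist"

# Constructed sample devices, not captured from real hardware.
SAMPLES = {
    "own flash drive":   {"id": "1234:5678", "serial": "OWN-DRIVE-0001", "interfaces": ["08:06:50"]},
    "own keyboard":      {"id": "1234:9abc", "serial": "OWN-KEYB-0001", "interfaces": ["03:01:01"]},
    "found drive":       {"id": "abcd:0001", "serial": "", "interfaces": ["08:06:50"]},
    "drive that types":  {"id": "abcd:0002", "serial": "", "interfaces": ["03:01:01"]},
    "drive plus typing": {"id": "1234:5678", "serial": "OWN-DRIVE-0001", "interfaces": ["08:06:50", "03:01:01"]},
}

def screen(devices):
    """Map each device name to its verdict."""
    return {name: decide(dev)[0] for name, dev in devices.items()}

if __name__ == "__main__":
    for name, dev in SAMPLES.items():
        verdict, reason = decide(dev)
        print(f"{name:18} {verdict:7} {reason}")
```
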
Take care of yourself
For most people, USB-delivered malware poses little threat because of the way cloud storage has replaced physical devices. “USB killers” are scary devices, but you probably won’t come across any. However, by taking simple precautions like not putting random USB drives in your computer, you can eliminate almost any risk.
It would, however, be naïve to assume that attacks of this nature do not occur. Sometimes they target individuals by name, delivered by mail. Other times, it’s state-sanctioned cyberattacks that damage infrastructure on a massive scale. Follow a few general safety rules and be secure both online and offline.