Universal Serial Bus, or USB, is a widely adopted industry standard used in computer peripherals such as keyboards, mice, and external storage devices. Its standardized connectors and backward compatibility make it highly convenient.
However, USB drives, a popular form of portable storage, have been weaponized by bad actors. In an incident in Ecuador, a journalist had a USB drive explode in his face, resulting in light injuries. The drives were sent to the journalist and four other professionals, but only the journalist’s exploded. It was later discovered that the USB drive contained a 1cm long capsule with plastic explosives.
While not all attacks involving USB drives are as dangerous, they can still be harmful. Hackers have utilized USB drives to spread malware and gain unauthorized access to computers. Last year, the FBI issued a notice regarding USB drives sent by the hacker group FIN7 through postal services. These drives were disguised as typical gift items to deceive recipients. Once plugged into a computer, the USB drives functioned as keyboards, allowing hackers to input commands and infect the system with malware.
Furthermore, ransomware gangs have also exploited compromised hardware to infect other workstations in a network. For example, FIN7 used compromised computers to infect other machines with the Clop ransomware. The Clop ransomware has been used in various attacks, including one on two Prudential companies in Malaysia.
More recently, a European healthcare institution was infected through a USB drive belonging to a staff member. The thumbdrive was infected with malware during an overseas conference and subsequently introduced the malware to the institution’s systems.
USB drops, where USB drives are strategically dropped around a target’s vicinity, have also been employed in attacks. The famous Stuxnet worm attack on an Iranian nuclear facility in 2010 occurred when an employee picked up an abandoned USB drive and plugged it into his workstation. Additionally, in 2008, the US military experienced a major cyberattack after a USB drive found in a parking lot was plugged into a laptop.
There are also devices like the USB Killer, which can physically damage computers by discharging a powerful surge of electricity into the USB port. A student at the College of Saint Rose in New York used one such device to destroy 66 computers, resulting in criminal charges and required damages payment.
Additionally, consumers should be wary of unusually cheap high-capacity USB drives sold online. Some fraudulent vendors sell lower-capacity drives with modified firmware that falsely indicates a much higher storage size. As a result, when the actual data exceeds the drive’s capacity, it starts overwriting older files.
In conclusion, it is important to exercise caution with USB drives. Avoid plugging random USB sticks into your computer and be cautious of suspiciously cheap high-capacity drives.
Credit: The Star : News Feed