USB devices are a hackers best friend...
USB drives, also known as data sticks or thumb drives are a popular way of storing and transporting files from one computer to another. They are used a lot purely for the fact that they are easily portable, inexpensive and easy to use. However, these efficient devices are widely used by hackers in order to distribute malicious and spreadable malware onto vulnerable users PC’s.
How attackers use USB drives to infect computers
“But how can a hacker infect my PC with a USB device, without having physical access to my PC?”
Good question. USB Devices can be tampered with during the production or supply chain process if quality control measures are poor, meaning users could buy an infected USB and as soon as they plug it into their computer system, malware is instantly installed without them even knowing. Crazy… we know!
There are numerous ways for attackers to use USB drives to infect computers. Most viruses depend on automatically running when the USB drive is plugged into a computer. If an attacker manages to infect one computer with viruses from a USB, they typically are able to then spread the viruses onto other computers. A typical channel for attackers to spread viruses is through email. As you may already know, email is an effective way for attackers to target users with dangerous attachments and links.
Believe it or not, but hackers are known to drop USB devices in heavily-trafficked locations around their initial target. In some cases, they might drop USB’s in highly populated areas like car parks, shops and town centers. It might seem silly, but it actually works. The hacker is hoping for a curious person to pick up the USB device, go home and plug it into their PC. The USB will typically have an eye-catching file loaded onto it which users would find hard to resist clicking. For example, the file could be called ‘paymentdetails.doc or 2018salaryinfo.doc’. Once a user clicks the file they will be prompted to open it, from there the malicious software is able to run and activate webcams and programs, and can run a log of keystrokes. This USB trick is essentially the same process an an email phishing attack, and it’s surprisingly effective!
How you can protect your PC from dangerous USB devices
Use USB security features – Using passwords and encryption features on your USB drive will help protect your data, and will also prevent unauthorised people from accessing your USB. Likewise, make sure your data is backed up on a secondary USB just in case your primary USB is lost.
Keep personal and business USB drives separate – It’s important to know that you shouldn’t use a personal USB drive on your work PC, as it may contain malware that could spread across the entire company network, overall affecting many users. Likewise, don’t plug in USB drives containing corporate information into your personal computer.
Never plug in an unknown USB drive into your PC – If you ever find a USB, it’s best to not plug it in to your own PC. It may contain spreadable malware that could infect your computer and it could steal and damage your personal data. Likewise, if you find a USB on your work premises you should report it to your IT department.
Turn off/disable Autorun – Windows has an Autorun feature that detects USBs, CDs and DVDs as soon as they are inserted into your PC. By disabling Autorun, you can prevent malicious code on an infected USB drive from opening automatically.
If you ever come to finding a USB drive, remember that if you decide to plug it into your PC you could be risking the security of your own personal data, as well as the rest of your companies network.