4 Major Types of USB Attack & Prevention Tips
Published On: 05 Jul 2024
Last Updated: 26 Jul 2024
In a dimly lit parking lot, you discover an abandoned USB drive. Your curiosity is piqued, and you plug it into your computer. Unknown to you, the USB drive contains deadly malware. It takes over your system, and an ominous message flashes on your laptop screen: “Your files are now mine”. You are now under USB attack!
Sounds scary, doesn’t it? But this could be a reality. In fact, two recent USB hijacking incidents - ‘SOGU’ and ‘SNOWYDRIVE’ - have infected millions of computers across the globe.
The blog here aims to shed light on the types and signs of USB attacks, followed by prevention tips.
What is a USB Attack?
Cybercriminals use USB Drop Attacks, also known as USB Attacks or Bad USB Attacks, to spread malicious software through USB devices.
How does it work?
USB attacks involve tricking a person into plugging an infected USB drive into their computer. Once this happens, the harmful software is automatically installed on the computer. Some less harmful types of malware might make annoying pop-up ads appear or take you to strange websites. But the more dangerous ones can lock up your computer and demand money to unlock it.
Types Of USB Attacks
According to researchers at Ben-Gurion University, there are multiple different variants of USB attacks. These USB attack types are broadly grouped into four categories. Let’s check them out:
Reprogrammable microcontroller USB attacks
- Rubber Ducky: A rubber ducky is a small USB device that mimics a keyboard. Once the removable drive is connected to the system, it injects automated keystrokes to access sensitive information or to inject a payload (malware).
- USBdriveby: The USBdriveby is a specially crafted USB device. These devices emulate a mouse or keyboard to hijack computers, often without the user's knowledge. When plugged into a USB port, it can quickly and quietly infect a computer with malware or execute malicious actions.
- PHUKD/URFUKED and Evilduino: PHUKD/URFUKED and Evilduino are firmware. Once these devices establish a connection with the victim's computer, they take control of it or send keystrokes to the host as per the pre-loaded script.
- Unintended USB channel: Among the most dangerous USB drop attacks, the Unintended USB channel is probably the deadliest. It runs on a USB hardware trojan that establishes two-way communications by exploiting a vulnerability in the USB firmware or driver software to gain control of the computer. After establishing a connection with a targeted system the hackers can take.
- Attacks On Wireless USB Dongles: In this type of attack, the infected removable device covertly captures the system logs and decrypts the keystrokes to extract the data.
- RIT attack via USB mass storage: In these attacks, the USB drive overrides the content of the system files while the USB mass storage device is connected to a victim's computer.
- Default Gateway Override: In these attacks, the infected USB drive spoofs the USB Ethernet adapter to override DHCP settings and hijack local traffic. After establishing the connection, it steals the data from the system.
Maliciously reprogrammed USB peripheral firmware attacks
- Smartphone-based HID attacks: The attack works by using the smartphone to mimic an HID device. When the infected smartphone is plugged into a computer and the connection is established, the attacker can then use it to take over the computer and run commands for opening files, running programs, or stealing data.
- Keyboard Emulation by Modified USB Firmware: It is a keystroke injection attack which poisons the firmware of USB flash drives.
- DNS Override by Modified USB Firmware: In the DNS Override attack with modified USB firmware, the USB device acts as a DNS server. When this USB device is plugged into a computer, the system assumes it is a legitimate DNS server and sends DNS requests. The USB device can then change the DNS settings of the computer to point to a malicious DNS server.
- Hidden Partition Patch: The hidden partition patch is among the most common USB Malware Attacks. In this form of attack, the hacker reprograms a USB flash drive to act like a normal drive. These drives have hidden partitions that are protected from formatting. It allows hackers to run covert data exfiltration campaigns in the infected system.
- Password Protection Bypass Patch: In this attack, the attackers make minute modifications to the internal coding of the USB flash drive. After the modifications are done, the attackers can bypass password-protected USB flash drives.
- Boot Sector Virus: Boot sector viruses are most commonly spread through bad USB drives. These removable media drives establish a connection with the computer to transfer the malware. Once the transfer is complete, they replace or change the existing boot code to take over the system.
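Several of the attacks in the two lists above depend on a device exposing an interface the user does not expect, such as a flash drive that also enumerates as a keyboard or as an Ethernet adapter. The following check is an added example, not code from the original article or the cited research; the policy table, function names and device inventory are hypothetical and constructed for illustration.

```python
# USB-IF base class codes (bInterfaceClass) relevant to the attacks listed above.
HID, MASS_STORAGE, STILL_IMAGE = 0x03, 0x08, 0x06
CDC_CONTROL, CDC_DATA, WIRELESS = 0x02, 0x0A, 0xE0
# Classes commonly exposed by USB network adapters (an approximation).
NETWORK_CLASSES = {CDC_CONTROL, CDC_DATA, WIRELESS}

# Hypothetical site policy: interface classes each expected device type may expose.
POLICY = {
    "flash_drive": {MASS_STORAGE},
    "keyboard": {HID},
    "phone": {STILL_IMAGE, MASS_STORAGE},
}

def audit_device(expected_type, interface_classes):
    """Return findings for one device; an empty list means it matches policy."""
    allowed = POLICY.get(expected_type)
    if allowed is None:
        return [f"unknown device type {expected_type!r}: block by default"]
    extra = set(interface_classes) - allowed
    findings = []
    if HID in extra:
        findings.append("unexpected HID interface: possible keystroke injection")
    if extra & NETWORK_CLASSES:
        findings.append("unexpected network interface: possible gateway/DNS override")
    for code in sorted(extra - {HID} - NETWORK_CLASSES):
        findings.append(f"interface class 0x{code:02x} not allowed for {expected_type}")
    return findings

# Constructed inventory: (expected type, label, interface classes seen at enumeration).
SAMPLE_DEVICES = [
    ("flash_drive", "constructed-drive-A", [0x08]),        # plain storage
    ("flash_drive", "constructed-drive-B", [0x08, 0x03]),  # storage plus keyboard
    ("flash_drive", "constructed-drive-C", [0x02, 0x0A]),  # presents as a network adapter
    ("phone", "constructed-phone", [0x06, 0x03]),          # phone plus keyboard
]

def audit_all(devices):
    """Map each device label to its list of findings."""
    return {label: audit_device(kind, classes) for kind, label, classes in devices}

if __name__ == "__main__":
    for label, findings in audit_all(SAMPLE_DEVICES).items():
        print(label, "->", findings or "ok")
```

On Linux, the interface classes a device actually exposes can be read from the `bInterfaceClass` files under `/sys/bus/usb/devices/` or from `lsusb -v`.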
Attacks Based on Unprogrammed USB devices
- USB Backdoor into Air-Gapped Hosts: This form of USB Attack uses a USB device to gain access to an air-gapped computer (devices that are not connected to any networks, making them more secure from cyberattacks). The USB device will contain malicious code that will be executed when the computer boots up. The malicious code will then give the attacker access to the computer, even though it is air-gapped.
- AutoRun Exploits: Some computers are configured to automatically execute certain files stored on a USB drive. Attackers have created dedicated autorun malware to exploit this kind of configuration.
- Cold Boot Attacks: In this attack, also known as a RAM dump attack, the hacker installs a memory dumper on a USB flash drive. This memory dumper extracts left-over data from RAM.
- Driver Update: The attack relies on obtaining a VeriSign Class 3 Organizational Certificate and submitting drivers to Microsoft. These are automatically delivered and installed on user PCs when a certain USB device is inserted. However, this attack could be hard to pull off in the real world.
Electrical attacks
- USB Killer: These are deadly devices that can permanently destroy electronic devices. When you plug these devices into your computer, they trigger an electrical surge that damages or destroys the computer hardware.
Consequences of USB Attack
A Bad USB attack leads to grave issues, ranging from stealing passwords and accessing sensitive files to damaging a device beyond repair. Here are some common consequences of a USB attack:
- Data Theft: An attacker can use a malicious USB to steal important information like your passwords, bank details, or valuable company data.
- Malware Infection: When a malicious USB is plugged in, it can sneakily install malicious software on your computer. The malware can steal your data, mess up your files, or disrupt how your computer works.
- Remote Control: Some attackers can gain control of your computer from afar. It's like someone sneaking into your house and using your things without you knowing.
- Denial-of-Service (DoS): Imagine your computer being bombarded with so many requests that it becomes too busy to do its usual tasks. This is what a DoS attack does, triggered by a malicious USB.
- Physical Damage: In rare cases, a malicious USB can harm your computer physically. It's like someone damaging your car so it won't start.
Tips For Preventing USB Attacks
Preventing USB attacks requires strong cybersecurity measures, employee education, and a well-structured incident response plan. Here are some practical tips to defend against these threats:
- Avoid using USBs in unknown devices: This is the first tip to remember when you want to know how to prevent a USB attack. Avoid plugging your drive into public systems or other people’s systems as much as possible.
- Disable Autoruns: Your computer might be set to automatically connect with USB devices. We recommend turning off this feature for all devices. It gives you more control and prevents USB Phishing attacks.
- Regular anti-virus scans for USBs: Always go for a virus scan of the USB drive before opening the stored files. Also, remember to update the anti-virus program at regular intervals.
- Encrypt sensitive files: If you have sensitive files in the USB drive, make sure to guard them with encryption. This way, even if the hackers attack the USB, they won’t be able to steal your confidential data.
- Enable write protection: Turn on “Write Protection” to prevent malicious writing on the files.
- Avoid transferring attachments from random senders: Again, it’s a no-brainer. You never know about the credibility of unknown attachments. So, think twice before transferring such attachments to the USB drive.
Conclusion
USB drives are a small yet critical tool for data sharing. Unfortunately, hackers are utilising simple, unassuming USB devices to spread malware or take over systems. Hopefully, the guide above will go a long way in keeping your USB and your computer safe.