March is Cyber Threat Awareness month, and I want to share with you some knowledge that is common in the I.T. security world but not common among the majority of computer users. In the last few videos, I have talked about Password Guessing, Phishing Emails, CEO Fraud, Executive Whaling, and Spear Phishing. Today I want to talk about how hackers can use USB drives to execute payloads on your computer or to steal data from any unattended device within 15 seconds or less.
Pen testers, white hat hackers, and ethical hackers use USB sticks as part of their pen test arsenal to test or assess the security posture of a company. The bad guys, or cybercriminals, have access to the same tools the good guys use, but they use them to steal whatever files or information they want.
How do they use USB sticks or drives to steal data? Hackers write scripts and load them onto the USB stick, where the script waits for the command to execute an attack. The trigger is the USB stick being connected to a computer or device. Hackers will drop several of these USB drives or sticks near a target user, or in a common area of a target company. All the hacker is waiting for is the target person, or someone at the target company, to pick up the USB stick and plug it into a computer.
Once the target plugs the USB drive into a computer, it silently executes a payload on the device behind the scenes, and the computer or the company network is successfully infiltrated. The hacker can then easily access the system and get any information they want remotely, or harvest data electronically and store the stolen data on a cloud server for later use, all without having to break through your firewall or network.
Another way a hacker can steal electronic information or network creds is to simply walk up to an unattended computer or laptop, plug in a USB stick, wait 15 seconds, unplug it, and walk away. It is one of the easiest and simplest ways hackers steal data from a computer because they don’t have to log in to the computer to do it.
Imagine you are at a coffee shop and decide to go to the restroom, leaving your laptop unattended. A hacker can walk up to your computer and plug a USB stick into your device. It only takes a few seconds to siphon your computer data, and the hacker can be gone before you get back to your computer.
First, never leave your laptop unattended in public places. It never ceases to amaze me how relaxed people are when it comes to their devices. I have seen people at coffee shops, airports, and other public places entrusting complete strangers to watch over their stuff while they go on a potty break. But they do. If you were a target, or if there was a hacker in the same area as you, it would be pretty easy for them to do what they want when you leave your computer unattended, without having to log in to your device.
The countermeasure to prevent USB stick attacks is not to pick up random USB sticks from the ground. Even if you find one in your pocket, if it is not yours and you don’t know where it came from, don’t plug it into your computer. If you find one, destroy it and throw it away so no one else can get their hands on it and insert it into a computer.
Secondly, never leave your laptops or mobile devices unattended in public places. Lastly, if you own a company, talk to your IT administrator about disabling USB access on computers to protect your network from these types of silent attacks.