Flash drives or USB drives are everywhere today, you probably have one on your desk right now – they are an extremely convenient tool to transfer data between devices quickly and safely. But did you know that thumb drives are also used by hackers? The scenario is simple – you find a thumb drive and want to return it to the owner. You decide to plug it into your personal or office computer in search of a file that contains the name of the owner of the USB drive. The next thing you know – you have become a victim of a hacker, possibly without even knowing it.
Types of thumb drive attacks
While the beginning of all thumb drive attacks is similar, they can be divided into three categories when it comes to the technical side. First, there are attacks that aim to infect your computer with malware. The malicious software is usually uploaded to your computer automatically from the flash drive or the flash drive contains a code that causes your computer to download malware from the internet. The second type of thumb drive attacks use social engineering, for instance, a file on the USB drive can take you to a website that will then trick you into handing over your personal information or login details. The final type of thumb drive attacks the USB drive can trick the computer into thinking that it’s a keyboard that was plugged in. The thumb drive then sends a series of commands to the computer, which allows the hacker to access the computer remotely without the victim even knowing.
Famous thumb drive attacks
You might think that only small businesses and individual users have been victims of thumb drive attacks, but you’d be wrong – many large companies and even government entities have had major security breaches because of thumb drive attacks.
For instance, a flash drive infected with malicious software was plugged into a US army computer in the Middle East, spreading malware to classified and unclassified systems, which resulted in severe data leaks to foreign intelligence groups. During a different thumb drive attack, malware infected Siemens software at many industrial locations in Iran, sending classified information to third party agents.
Thumb drive awareness – what do employees need to know?
Just like you have to train your employees when it comes to passwords and physical security protocols, you need to ensure that all people who work at your company have gone through proper thumb drive awareness. First of all, make sure that your company has a strict policy on what can and cannot be plugged into company computers and personal devices connected to your company network. If there are particularly important devices in your company, you can even physically block the USB port or install programs that block unauthorized USB devices. Finally, it’s important for employees to know that storing sensitive company information on USB drives is unacceptable and that if it can’t be avoided, all data should be encrypted and password-protected.
