USB Drop Attack


USB stick
USB drop attack

A USB stick is a small, portable storage device that plugs into a computer's USB port. USB sticks are often used to move files from one computer to another or to store files offline.


USB sticks were first created in the early 1990s as a way to transfer data between computers. They were originally called "thumb drives" because they were about the size of a thumb and could be easily carried around. USB sticks have since become much smaller and can now hold a lot more data. They are also used to store music, movies, and other files.


A USB stick has a limited capacity, which depends on the model. Some can store up to 128GB, while others have a capacity of only 8GB.



Types of malicious attacks with USB stick


USB devices are a common way for malware to spread. In fact, a study by Symantec in 2013 found that one in five organizations had been infected by malware spread through USB devices.


One of the most common ways that USB devices are used to spread malware is by using them to spread autorun malware. Autorun malware is a type of malware that is activated as soon as a USB device is plugged into a computer. This type of malware can be very dangerous, as it can allow an attacker to take control of a computer as soon as the USB device is plugged in.


Another common way that USB devices are used to spread malware is by using them to spread ransomware. Ransomware is a type of malware that encrypts a user's files and then demands a ransom payment in order to decrypt the files. This type of malware can be very dangerous, as it can allow an attacker to hold a user's files ransom.


USB devices can also be used to spread spyware. Spyware is a type of malware that is used to collect information about a user's computer usage. This type of malware can be very dangerous, as it can allow an attacker to spy on a user's computer usage.


A USB stick can be also used to steal data from a computer. The data can be stolen by copying it to the USB stick, or by installing malware that can steal data from the computer.


The main technique to deliver malware to the victim's computer is to make the end user insert a USB stick into the computer drive. The technique is called USB baiting. It involves leaving a USB drive in a public place with a known malware payload. When someone plugs in the USB drive, they will be infected with the malware. USB baiting is a variation of the USB drive-based attack known as BadUSB.



USB sticks and company's Security Policy


A fair business practice is that the company's security policy about USB drives does not allow them to be used on the company's network. However, if you still use USB sticks in the company, use the appropriate software to encrypt your data.


There are a few software options that can be used to encrypt USB flash drives.


BitLocker

BitLocker is a full-disk encryption feature that is included with certain editions of Windows. It can be used to encrypt USB flash drives, as well as the hard drives on your computer.


TrueCrypt

TrueCrypt is a free and open-source program that can be used to encrypt USB flash drives, as well as the hard drives on your computer.


Veracrypt

Veracrypt is a free and open-source program that can be used to encrypt USB flash drives, as well as the hard drives on your computer.


DiskCryptor

DiskCryptor is a free and open-source program that can be used to encrypt USB flash drives, as well as the hard drives on your computer.



Conclusion

There are a few key things that employees should be aware of when it comes to USB use in the workplace. First, employees should be aware of the potential security risks associated with USBs. USBs can be used to steal data or install malware on a computer, so it is important to be careful when using them. Employees should also be aware of the proper way to use USBs. They should not plug USBs into computers that they do not own or do not have permission to access. They should also be careful not to share USBs with other people, as this can also lead to security risks.