There are various ways in which a virus can infect your system, one way that is used by Cyber Criminals to penetrate business networks is via USB Devices, a popular method that is often forgotten.
In a recent experiment in four major U.S. cities, that’s exactly what happened when 200 unbranded USB devices were left in public places. One in five people let their curiosity get the best of them and plugged the flash drive into a device.
Yahalom is the co-author of a journal article on the research with Dr. Nir Nissim, head of the Malware Lab of the Cyber Security Research Center at Ben-Gurion University, and Yuval Elovici, head of BGU’s Cyber Security Research Center (CSRC).
Yahalom said, “There are many non-trivial USB-based attacks. Some are carried out by the host, the computer connecting the USB peripheral. The most common ones are infected, or malicious. Once connected, they have access and take control of your computer.
“Microcontrollers are another attacks category. Microcontrollers can impersonate a USB peripheral. For example, you can program a teensy microcontroller or an Arduino [board] to act like a keyboard or a mouse. Once you program a keyboard and connect, it actually starts injecting key presses. It’s actually like having someone working on your computer.”
Why are USB Devices so commonly used for Cyber Attacks?
The USB Device does the hard work – Once the device has been plugged into your machine, it’s already bypassed any perimeter cyber defenses you have in place as well as your firewalls.
The victim won’t know what’s hit them – Cyber Viruses are sneaky, once they have been deployed through a device they can remain unnoticed for weeks, only being detected when the damage is already done.
Curiosity kills the Network – What’s on the USB? What if it’s important? Cybercriminals rely on the victim plugging in the device due to curiosity – and it’s often effective!
