Unknown USB Sticks

Do Not Plug In Unknown USB/Removable Devices.

Before I begin, this article relates to "protecting your business from falling victim to being compromised by a malicious USB Stick". If you're computer savvy or have experience In the hacking sector for many years to date, then you'll certainly be well aware that one of the most easiest ways to grab personal details or Inject a virus Into a computer, Is by simply plugging In a malicious USB Stick.

This does not only apply to USB Sticks, but also any removable devices with USB connectivity. That said, "seldom do social engineers and hackers opt for external HDDs/SSDs"- namely due to their size, and you'll see exactly why a little further down this article. From a business standpoint, the problem Is, not too many companies and their employees, "are aware of the dangers of plugging In an unknown USB Stick". It can have a devastating Impact when used with malicious Intent, so let's have a look at what It can potentially do.

The Capability Of A Malicious USB Stick:

There are many USB Sticks that are developed and configured to plant a virus and Infect a PC, the moment they're plugged Into the target computer. Whilst It's easy to make one of your own, a lot of social engineers use the good old USB Rubber Ducky. This Is one very Impressive tool. Now I'm not going to elaborate on every detail pertaining to Its usage- as It's way beyond the scope of this article to do so.

What I will say however, Is this. Once It's plugged Into the PC, It actually registers Itself as a "USB keyboard" and Injects a payload that can disrupt networks and systems by disabling all antivirus software and the like, and Infect the machines with ransomware. By no means Is It limited to this alone, but for the purpose of this article, I'll leave It at that. Essentially, all the social engineer has to do, Is to get an employee In your company to plug It Into one of their systems. Sounds difficult? Quite the contrary- It's a very simple process, so we'll see how It's done as follows.

The SE Attack In Action:

It's 3:00 pm on a Friday at your workplace and whilst walking to the rest room, you so happen to find an envelope on the floor that's marked "Confidential: accounts department". So you've obviously done the right thing, made your way to that very department and handed the envelope to the accounts manager.

Upon opening the envelope, there's a USB flash drive with a sticker attached that reads "urgent", so the manager plugs It Into his PC to see exactly what It contains. There's only a few Image files, so he's executed them only to find they contained the company's logo and nothing more (so he thinks!). Unbeknownst to him, a payload has Infected the entire network- It was actually attached to one of the Image files, and the social engineer now has full access to the network!

So how did the USB Stick make Its way Into your building? Simple. The social engineer walked In via the main entry door, and asked one of your receptionists If there's any job vacancies. After being told there was nothing available, he politely asked If he can use the rest room and was kindly given directions.

On his way back from the rest room, he purposely dropped the envelope containing the malicious USB Stick on the floor, thanked your receptionist and exited the building. It was as simple as that. Unfortunately for you, the curiosity and gullibility of your accounts manager (by plugging In the USB Stick), resulted In your entire network being compromised.

In Conclusion:

I have no doubt that you've grasped precisely how your systems were Infected by using a well-crafted and methodical social engineering attack, so there's no point In elaborating. What I will say, Is to "never plugin unknown USB devices of any type Into your computer". There may be a time where the USB Stick has been legitimately misplaced, so keep a "standalone computer" on hand, that's segregated from the network and does not contain sensitive Information. Use this to plugin, check and test unknown devices.