A cyberattack via a USB interface

A proper extended detection and response (XDR) solution with proper USB device control can help organisations make their IT systems more resistant to infection through the USB interface.

It is well known that the endpoints of an organisation's systems are the most vulnerable to malware attacks. There is often a lack of knowledge about different attack scenarios, so employees rarely know how easily they can become a target for a cyberattack via a manipulated USB interface. Such devices include USB memory sticks/flash drives, charging cables, gadgets, and network adapters.

Infected firmware in USB devices

The perfidious thing about cyberattacks made via USB interfaces is the type of infection: the malware is often hidden directly in the firmware of the USB device, so no infected file needs to be present on it. The malware is simply executed when the respective USB device is plugged in, and virus scanners and firewalls are unable to register or prevent the attack. The firmware can also be set so that the attack does not start until a later time. Regardless of which time is set, it may then be possible to carry out attacks with simulated keyboard input, listen in on network traffic, or redirect it. In this way, security policies can be deactivated or remote access can be started. Criminals can get to the organisation's data quickly and easily, cause deliberate damage, or prepare further attacks. There is no longer a need to crack a firewall.

If employees are targeted as attack vectors, this not only poses a problem for the organisation's IT; the associated stress and strain on employees should also be taken seriously. Nobody can expect employees to take full responsibility for IT security, yet they cannot simply avoid the respective risks. An employee who has accidentally caused damage will usually not get away unscathed.

Security for organisations of all sizes

As company networks are often affected by security vulnerabilities, organisations of all sizes should take the necessary precautions to protect their employees and their own network. Cybersecurity should, wherever possible, be automated and centralized as part of a comprehensive security concept.

Tips to avoid USB cyberattacks

  1. The first thing to do is to identify the locations at which data is handled, check how the data is used, and check which USB and storage devices and which data transfers to or from these devices could pose a security risk.
  2. It is advisable to block or filter access for devices, media, and interfaces with a higher risk.
  3. It is even better to only allow access to USB devices that have been purchased, checked, and approved by the IT department.
  4. Critical data with sensitive information should never be stored on unsafe devices. If no other option is available, encryption should be used at the very least.
  5. Data transfer anomalies should be detected, reported, and blocked in an automated manner. If malicious code is discovered, it must be blocked as swiftly as possible using post-infection measures.
  6. To ensure traceability in accordance with EU GDPR, it is essential to log all data transfers.
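
One way to express tips 2, 3 and 6 as a device-control check, added here as an illustration and not taken from the article or from any XDR product: the allowlist pins the interface classes recorded when IT approved each device, so an approved device that later presents a keyboard or network function is blocked, and every decision is logged. The device IDs, serials and the names `UsbDevice`, `evaluate` and `audit_record` are constructed for this example.

```python
import json
from dataclasses import dataclass

# USB-IF interface class codes for the device types named in the article.
CDC_NETWORK, HID, MASS_STORAGE = 0x02, 0x03, 0x08

# Constructed allowlist (tip 3): (vendor id, product id, serial) mapped to the
# interface classes seen when IT checked the device. All values are made up.
APPROVED = {
    ("0x1111", "0x2222", "SN-0001"): frozenset({MASS_STORAGE}),  # flash drive
    ("0x3333", "0x4444", "SN-0002"): frozenset({HID}),           # keyboard
}

@dataclass(frozen=True)
class UsbDevice:
    vendor_id: str
    product_id: str
    serial: str
    interface_classes: frozenset

def evaluate(dev):
    """Return (decision, reason) for a newly attached device (tips 2 and 3)."""
    approved = APPROVED.get((dev.vendor_id, dev.product_id, dev.serial))
    if approved is None:
        return "block", "device not on IT allowlist"
    extra = dev.interface_classes - approved
    if extra:
        # Identifiers match, but the device exposes functions that were never
        # approved, e.g. a flash drive that also registers as a keyboard.
        codes = ",".join(f"0x{c:02x}" for c in sorted(extra))
        return "block", f"unapproved interface classes: {codes}"
    return "allow", "matches approved profile"

def audit_record(dev, timestamp):
    """Build one JSON log line per decision for traceability (tip 6)."""
    decision, reason = evaluate(dev)
    return json.dumps({"time": timestamp, "vendor_id": dev.vendor_id,
                       "product_id": dev.product_id, "serial": dev.serial,
                       "decision": decision, "reason": reason}, sort_keys=True)

if __name__ == "__main__":
    # Constructed sample events: approved drive, same drive with an added
    # keyboard interface, and an unknown network adapter.
    for d in (UsbDevice("0x1111", "0x2222", "SN-0001", frozenset({MASS_STORAGE})),
              UsbDevice("0x1111", "0x2222", "SN-0001", frozenset({MASS_STORAGE, HID})),
              UsbDevice("0x9999", "0x0001", "SN-0003", frozenset({CDC_NETWORK}))):
        print(audit_record(d, "2022-01-01T00:00:00Z"))
```
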

A proper extended detection and response (XDR) solution with proper USB device control can help organisations make their IT systems more resistant to infection through the USB interface. XDR solutions detect and combat malware automatically, so there is no need for IT staff to intervene manually.


Photo: rawpixel

