A cyberattack via a USB interface

A proper extended detection and response (XDR) solution with USB device control can help organisations make their IT systems more resistant to infection through USB interfaces.

It is well known that an organisation's endpoints are the part of its systems most vulnerable to malware attacks. Knowledge of the different attack scenarios is often lacking, so employees rarely know how easily they can become a target of a cyberattack via a manipulated USB interface. This includes USB memory sticks/flash drives, charging cables, gadgets, and network adapters.

Infected firmware in USB devices

The perfidious thing about cyberattacks carried out via USB interfaces is the type of infection: the malware is often hidden directly in the firmware of the USB interface, so no infected file is needed on the USB device. The malware is simply executed when the USB device is plugged in, and virus scanners and firewalls are unable to register or prevent the attack. The firmware can also be set so that the attack does not start until a later time. Regardless of which time is set, it may then be possible to carry out attacks with simulated keyboard input, or to listen in on network traffic or redirect it. In this way, security policies can be deactivated or remote access can be started. Criminals can get to the organisation's data quickly and easily, cause deliberate damage, or prepare further attacks. There is no longer any need to crack a firewall.

If employees are targeted as attack vectors, this poses a problem not only for the organisation's IT; the associated stress and strain on employees should also be taken seriously. Nobody can expect employees to take full care of IT security, yet they cannot simply avoid the respective risks. An employee who has accidentally caused damage will usually not get away unscathed.

Security for organisations of all sizes

As company networks are often affected by security vulnerabilities, organisations of all sizes should take the necessary precautions to protect their employees and their own network. Cybersecurity should, wherever possible, be automated and centralized as part of a comprehensive security concept.

Tips to avoid USB cyberattacks

  1. The first thing to do is to identify the locations at which data is handled, check how the data is used, and check which USB and storage devices and which data transfers to or from these devices could pose a security risk.
  2. It is advisable to block or filter access for devices, media, and interfaces with a higher risk.
  3. It is even better to only allow access to USB devices that have been purchased, checked, and approved by the IT department.
  4. Critical data with sensitive information should never be stored on unsafe devices. If no other option is available, encryption should be used at the very least.
  5. Data transfer anomalies should be detected, reported, and blocked in an automated manner. If malicious code is discovered, it must be blocked as swiftly as possible using post-infection measures.
  6. To ensure traceability in accordance with EU GDPR, it is essential to log all data transfers.
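
Tips 3 and 6 above, sketched as an added example that is not from the original article or from any vendor product: the device IDs, serials, host name and the APPROVED table are constructed. Because a device's IDs are reported by its own firmware, the check also compares the interface classes the device announces against what IT approved.

```python
import json
from dataclasses import dataclass

# USB-IF base class codes for the interface types the article names.
HID, CDC_COMM, MASS_STORAGE, WIRELESS = 0x03, 0x02, 0x08, 0xE0
CLASS_NAMES = {HID: "HID (keyboard/mouse)", CDC_COMM: "communications/network",
               MASS_STORAGE: "mass storage", WIRELESS: "wireless controller"}

@dataclass(frozen=True)
class UsbDevice:
    vendor_id: int
    product_id: int
    serial: str
    interface_classes: frozenset  # classes the device announces when plugged in

# Hypothetical allow-list kept by IT: device identity -> interface classes approved.
APPROVED = {
    (0x1234, 0x0001, "IT-0001"): frozenset({MASS_STORAGE}),  # issued flash drive
    (0x1234, 0x0002, "IT-0002"): frozenset({HID}),           # issued keyboard
}

def evaluate(dev):
    """Return (decision, reason). Default is block: only approved devices pass."""
    approved = APPROVED.get((dev.vendor_id, dev.product_id, dev.serial))
    if approved is None:
        return "block", "device not on IT allow-list"
    # IDs and serials are self-reported and can be cloned by modified firmware,
    # so also require that the device exposes nothing beyond what was approved.
    extra = dev.interface_classes - approved
    if extra:
        names = ", ".join(CLASS_NAMES.get(c, f"class 0x{c:02x}") for c in sorted(extra))
        return "block", f"unapproved interface(s): {names}"
    return "allow", "approved device with approved interfaces"

def audit_record(dev, host, timestamp):
    """One JSON log line per plug-in event, for traceability."""
    decision, reason = evaluate(dev)
    return json.dumps({"time": timestamp, "host": host,
                       "usb_id": f"{dev.vendor_id:04x}:{dev.product_id:04x}",
                       "serial": dev.serial, "decision": decision, "reason": reason})

if __name__ == "__main__":
    events = [  # constructed plug-in events
        UsbDevice(0x1234, 0x0001, "IT-0001", frozenset({MASS_STORAGE})),
        UsbDevice(0x1234, 0x0001, "IT-0001", frozenset({MASS_STORAGE, HID})),
        UsbDevice(0xABCD, 0x0009, "", frozenset({CDC_COMM})),
    ]
    for dev in events:
        print(audit_record(dev, "ws-042", "2024-01-01T09:00:00Z"))
```

The second constructed event is the case the article warns about: an approved flash drive that also announces a keyboard interface is blocked and logged.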

A proper extended detection and response (XDR) solution with USB device control can help organisations make their IT systems more resistant to infection through USB interfaces. XDR solutions detect and combat malware automatically, so there is no need for IT staff to intervene manually.


Photo: rawpixel

