1.2 What is a USB Drop Attack - UA


2 hours 25 minutes
Video Transcription
So what is a USB drop attack?
Well, a USB drop attack happens when an attacker or attackers strategically place a USB device somewhere with the intention of a person taking that device and plugging it into their computer or other machine.
And oftentimes, these devices have malicious code loaded onto them,
and attackers will do a lot to dress up these devices to make them more enticing to take. And we'll discuss later how attackers could do that.
Now you might be asking, aren't there similar attacks where attackers also use USB devices? And yes, there are. Attackers can actually oftentimes use these same attacks themselves and
insert the devices themselves. But a USB drop attack happens when they drop a device, and they leave it for the victim to take and to put in their own machines.
Now these types of attacks rely heavily on what's called social engineering.
So what is social engineering? Well, in terms of cybersecurity, it's using some sort of deceptive means to manipulate people into divulging some sort of information or performing some sort of action.
So, in the case of a USB drop attack, an attacker is attempting to manipulate a victim into taking a USB device they find and plugging it into their computer.
Now, sometimes there's a second layer of social engineering that has to happen. Sometimes on these devices, there are
links that have to be clicked in order for the attack to be successful, or malicious files that have to be clicked. So there's a secondary layer where the attacker has to also make files or links enticing for the victim or target to click on.
Now, unfortunately, these attacks are very, very effective. They've taken down organizations, and there have been successful attacks on governments and everyday individuals,
and they're also, unfortunately, very hard to defend against, the reason being USB storage devices are so convenient. People rely heavily on them, and a lot of organizations will outright ban these devices because these attacks can be so successful. But a lot of times
people ignore this and still use them.
And these attacks can also be very versatile. They could be narrowly targeted to a single person or single organization. Maybe an attacker has a certain type of attack in mind when they use these types of attacks, a certain target in mind,
or they can just randomly distribute these attacks. Make them,
uh, just whoever happens to be unlucky enough to grab one of these devices. And the possibilities are endless with what these attacks can accomplish.
Now, these types of attacks have been seen to be used by all kinds of groups and individuals, all the way up to nation-state hacking groups, which are hacking groups that are sponsored by nations. A lot come out of China and Russia and Iran.
And these attacks are even used by,
yes, the lowly script kiddie. That's a person who basically is using someone else's knowledge and just has no high-level knowledge themselves.
So these are seen everywhere.
Now, we really can't talk about USB drop attacks without mentioning the Stuxnet worm.
That worm was a malicious worm. A worm is a type of self-replicating malware
that was designed to destroy centrifuges used in a SCADA system at nuclear plants.
Now, this attack actually targeted a specific nuclear plant in Iran.
Now, the reason they think that this attack was used with USB devices was because this plant had no connection to the Internet, at least not the systems that it attacked.
So it's long been thought that,
one of the theories at least, is that this malware was brought in with USB devices, maybe by workers or contractors. Now this attack was very sophisticated. It used several zero-day vulnerabilities. Now a zero-day vulnerability is basically
a vulnerability that only the attacker knows about,
that a vendor has no idea about. So it has zero days to patch. Hence the name.
There were several versions of this code found.
In one of the attacks, it went through, it found Windows machines, and it found a certain program that was on those machines.
And then it looked for the centrifuges and it lay in wait for, I think, several weeks sometimes.
And then once it learned what was going on, it then spun up these centrifuges or slowed them down. Now these centrifuges have to be spun at a certain rate, and if it goes too fast or too slow, it destroys them. Now, it was very sophisticated because it fooled
the program into thinking nothing was wrong.
So a lot of the workers there had no idea what was going on.
And, uh,
it's been reported that around 1/5 of the centrifuges were destroyed and it delayed the program by about a year.
It's long been thought that this was distributed by Israel and the United States because it required a lot of knowledge and a lot of sophistication.
There's a few, at least there's one film out there that's not very technical, but it really goes over kind of
a 10,000-foot view of this, and that's called Zero Days. So if you want to learn more about this, that's a good movie to go watch.