Time
2 hours 25 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
So in the last video, we learned what USB drop tax are on this video. We're gonna be learning why these attacks are so effective in terms of the human and in terms of the machine.
00:10
So why are U S B drop attacks so effective?
00:15
Well, the long and short of it is that they work and they work well, unfortunately,
00:19
um, the reason being is they rely on the weakest link things and security. And the weakest length is human beings. Unfortunately, people can harden systems and create stronger controls. But humans will always be the weakest length and security.
00:39
Now, these attacks play on the humans curiosity.
00:44
Uh, if human CIA device laying around that has potential juicy information, people who can't help themselves, and sometimes that's that's a good desire to die, desire to help people to see what's inside, to give it back to the person that may belong to, or maybe a little
01:03
more sinister, maybe
01:04
a desire just to snoop around the device to see what's on it. Any good information? Um,
01:11
now, Attackers, Attackers know this, and the leverage it Attackers will use thes desires to get victims to take these devices
01:21
Now they may further play on other human desires on dhe by naming the files that they may need victims to click on, Um,
01:33
for example, maybe maybe an attacker wants to leverage victims greed. So once, once the victim has the flash drive and is looking inside, maybe a tackle name a a malicious file like Bitcoin, while information
01:48
and Attackers may use other tactics, maybe maybe they'll they'll name something my *** pictures and make it look like it's a picture file. And instead, there's something else on that file,
02:00
and this kind of has a secondary, uh,
02:04
effect that Attackers are me. Relying, too, is is maybe the victims too embarrassed to admit they looked at that pile, so maybe they won't tell anybody where they work. So another win for the attacker there.
02:21
Now we can't really all blame humans. There is some blame to be placed on the machines. These devices get plugged into AA. Lot of times. These devices aren't doing any checking whatsoever on strange USB devices that get plugged in
02:38
now. I mean, there are some countermeasures you can scan devices for malware. Aah! Lot of times that's not honor me, though that has to be done by the human controlling the computer.
02:51
Now there is some. You can give some credit to certain operating systems such as Windows, these type of future called auto run. So if there was a file in there that was made a certain way, that vile run immediately, once the flash drive was was plugged into a device. Now they have what's called auto play, which
03:09
ask the person what they want to do with advice. But that's that's still
03:14
bare minimum of what device could do. Um, so all blame can't really be placed on humans, so some some devices have to take some of the blame here.

Up Next

USB Drop Attack

Malicious devices are everywhere these days, whether you can see them or not.

Instructed By

Instructor Profile Image
Shawn Briere
Information Security Analyst
Instructor