At a time when the risks of advanced AI-powered, email-delivered cybersecurity threats dominate the news agenda, it could be easy to overlook the dangers of some of the older attack vectors that continue to be exploited by cybercriminals.
For industries that rely on removable media – such as USB drives – there is a continued need for vigilance, as these devices have the potential to trigger damaging and highly costly cyberattacks.
The resurgence of USB-based attacks
USB devices are commonly used in several core critical national infrastructure (CNI) sectors, such as manufacturing, utilities, and healthcare. These industries rely on USB drives to transfer data in environments with limited or no Internet access, such as isolated (air-gapped) systems that separate critical assets and data from external networks for security purposes.
In operational technology (OT) environments, USB drives are often the only practical way to transfer data between systems that are deliberately kept offline, making them a common tool for software upgrades or data migration.
This widespread use makes USB drives a prime target for cyberattacks. A prominent example is the Sogu malware, deployed by hacking group UNC53, which used infected USB drives to infiltrate several organizations last year. This campaign targeted industries in countries such as Egypt and Zimbabwe, where USB drives are an integral part of daily business operations.
Recent USB-based attack techniques have become more sophisticated and often bypass advanced security layers by exploiting the inherent trust between the USB device and the host.
Long-standing techniques such as “Rubber Ducky” keystroke attacks, which silently copy user activity and send information to the attacker's host system, are being implemented in new ways. For example, some human interface devices (HIDs), such as mice and keyboards, can have their firmware modified to inject keystrokes to install covert malware.
A favorite for both penetration testers and social engineers looking to lure unsuspecting employees or visiting partners into picking up and inserting a compromised USB device.
OPSWAT International Senior Vice President.
Managing removable media presents several challenges, particularly in OT-heavy environments.
USB-based attacks bypass traditional network security, allowing attackers to leak sensitive data or gain long-term access to systems. These attacks are especially dangerous on isolated systems, where a lack of network connectivity can delay detection and prolong the attackers' dwell time.
This makes USB drives an ideal vector for malware infections, data breaches, and unauthorized access. Infected USB drives can easily introduce malicious software into systems that are not regularly monitored, resulting in potential data loss or operational disruptions. Without strict device and data controls, USB drives can introduce malware or allow unauthorized access to sensitive systems.
One of the key challenges organizations face in addressing these security risks is that they often lack visibility into which people and devices connect to their systems or how data is transferred, making policy enforcement more challenging.
It's not just the security risks of malware that present a problem; the theft or loss of unencrypted data on removable media poses a significant risk, especially in highly secure environments.
How to keep malicious data from USB drives out of the system
Mitigating these risks requires a multi-layered security approach that combines technical and policy-based solutions. Real-time monitoring of devices is essential; any USB device connected to a system should be scanned for malware and suspicious activity, allowing threats to be detected before they compromise the network.
Data sanitization plays a key role in this process. By cleaning files transferred over USB, organizations can remove any hidden malware or malicious content, ensuring only secure data enters their network.
For organizations in the CNI sector, a more robust solution could include isolated systems combined with a cybersecurity kiosk that scans and disinfects all incoming and outgoing media. The kiosk cleans all files of malicious content using Content Disarm and Reconstruction (CDR) techniques and places them in isolated, secure data vaults. Only sanitized and validated data from these vaults is allowed access to operational technology networks. These systems ensure that any device entering a secure environment is first cleared of potential threats, adding an extra layer of protection.
Controlling access and setting policies are key
In addition to these technical controls, policy measures governing the use of removable media are a vital component of a strong defense.
Organizations should implement strict controls over which USB devices can access critical systems and regulate the types of files that can be transferred to any removable media. By limiting access to authorized personnel and approved data, companies can minimize the risk of devices compromising their network. Policies and procedures should require that any USB drive be scanned and its contents sanitized before its data is allowed into the organization's systems. This can be achieved at scale using a dedicated scanning kiosk application.
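The two controls described above, a device allowlist for the scanning kiosk and a check that only approved file types (and files whose contents actually match their declared type) are admitted, can be expressed as a small policy engine. The following is an added example written for this article, not code from the author or from any kiosk product; the approved-device list, the vendor/product IDs, the serial number and the sample files are all constructed for illustration, and the file-type check uses leading "magic" bytes rather than a full CDR engine.

```python
"""Removable-media admission policy: device allowlist plus file-type validation.

Constructed example. A real kiosk would read vendor/product/serial from the
USB descriptors and feed accepted files to an AV scanner and a CDR engine;
here the policy decisions themselves are the point.
"""
import hashlib
from dataclasses import dataclass

# Hypothetical allowlist of approved drives: (vendor_id, product_id, serial).
# Pinning the serial stops an attacker cloning only the vendor/product pair.
APPROVED_DEVICES = {
    ("0781", "5583", "4C530001230310113594"),
}

# Permitted file types and the leading bytes a file of that type must start with.
# None means "plain text": validated by requiring the content to decode as UTF-8.
ALLOWED_TYPES = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "csv": None,
}


@dataclass
class Verdict:
    allowed: bool
    reason: str
    sha256: str = ""  # recorded so the audit trail can tie a decision to a file


def device_permitted(vendor_id: str, product_id: str, serial: str) -> bool:
    """True only if the exact device is on the approved list."""
    return (vendor_id.lower(), product_id.lower(), serial) in APPROVED_DEVICES


def check_file(name: str, data: bytes) -> Verdict:
    """Admit a file only if its extension is allowed AND its bytes match that type."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    digest = hashlib.sha256(data).hexdigest()
    if ext not in ALLOWED_TYPES:
        return Verdict(False, f"extension '{ext}' not on allowlist", digest)
    magic = ALLOWED_TYPES[ext]
    if magic is None:
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return Verdict(False, "declared text file contains non-text bytes", digest)
    elif not data.startswith(magic):
        # e.g. an executable renamed to .pdf: the extension lies about the content
        return Verdict(False, f"content does not match declared type '{ext}'", digest)
    return Verdict(True, "ok", digest)


def admit_media(vendor_id: str, product_id: str, serial: str, files: dict) -> dict:
    """Evaluate every file on a drive. An unapproved drive gets nothing through."""
    results = {}
    if not device_permitted(vendor_id, product_id, serial):
        for name, data in files.items():
            results[name] = Verdict(False, "device not on approved list",
                                    hashlib.sha256(data).hexdigest())
        return results
    for name, data in files.items():
        results[name] = check_file(name, data)
    return results


def audit_line(serial: str, name: str, verdict: Verdict) -> str:
    """One log line per decision, so policy enforcement is visible after the fact."""
    return (f"device={serial} file={name} sha256={verdict.sha256[:16]} "
            f"allowed={verdict.allowed} reason=\"{verdict.reason}\"")


# Constructed sample contents of a drive presented at the kiosk.
SAMPLE_FILES = {
    "report.pdf": b"%PDF-1.4\n%constructed sample\n",
    "invoice.pdf": b"MZ\x90\x00constructed: executable renamed to .pdf",
    "tool.exe": b"MZ\x90\x00constructed executable",
    "data.csv": b"site,reading\nplant-a,12.5\n",
}

if __name__ == "__main__":
    for fname, v in admit_media("0781", "5583", "4C530001230310113594", SAMPLE_FILES).items():
        print(audit_line("4C530001230310113594", fname, v))
```

Run as a script, the example prints one audit line per file: the genuine PDF and the CSV are admitted, the renamed executable is refused because its bytes do not match the declared type, and the .exe is refused on extension alone. Presenting the same files from a drive whose serial is not on the list refuses everything, which is the behaviour the article's "authorized devices only" policy calls for.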
Education of employees and supply chain partners is also crucial. The root cause of USB-based attacks is often traced back to human error, such as the use of unsecured or unauthorized devices, and comprehensive training can help mitigate these risks. Users should be taught about encryption, the dangers of using unknown USB devices, and best practices for safely ejecting devices to avoid data corruption or malware. In high-risk sectors, regular audits of how USB drives are used and how security protocols are followed can further strengthen an organization's defenses.
Keep USB drives on the cybersecurity agenda
USB devices remain a major security threat, especially in sectors where they are essential for data transfer. Even organizations that do not routinely use removable media in their workflows should be aware of the threat they pose.
A comprehensive approach that combines real-time monitoring, device control, and data sanitization, along with strict access policies and user education, will cover all the bases and minimize the chances of falling victim to USB-borne threats.