USB drop attacks are a less common but still effective method used by hackers. Even if you have an air-gapped (never connected to internet) computer or device, it can still be infected. By training yourself and your employees on cybersecurity threats, you can prevent many threats to your business continuity.
USB Drop Attacks
USB thumb drives containing the hacker’s payload are dropped or left in areas around the business. Areas would have to be accessible to traffic. The USB’s can be dropped in the front entranceways, public bathrooms on the countertop or next to the toilet. They might also be left on the counter near reception areas or in parking areas. Hackers using this method rely on humans finding the USB and plugging them in to a computer within the network. Seems unlikely that anyone would do that, right?
In 2016, a Black Hat researcher dropped 297 thumb drives around different areas of the college campus. Of the 297, 290 were picked up. 135 (45%) were plugged in to a device. For a hacker, having only 1 plugged in to a device can be considered a success.
Defend Your Network
You can defend your network against this type of cyberattack. Here’s how:
- Enact and enforce policies and procedures against employee use of thumb drives or portable media.
- Train your employees to spot USB thumb drives and identify the threats posed by them.
- Immediately report any found USB thumb drives to your IT staff or supervisors.
- Keep your antivirus and/or antimalware solutions up to date.
- Have a solid backup/disaster recovery solution in place.
We hope the information provided here was helpful. We are always ready and available to assist you defend your network. Never pay a hacker for your data. Make A Better Choice for your business.