Select your country

Not finding what you are looking for, select your country from our regional selector:


Hacking via USB keys: risk and protection

If USB keys have become a common and essential accessory for many professionals, this equipment actually presents itself as a formidable vector of attack.

Despite the fact that cybercriminals do not hesitate to use infected USB keys to infiltrate the information systems of French companies, this method of operation is still largely underestimated. This trend is most often explained by complacency and a lack of vigilance on the part of employees when faced with seemingly harmless devices.

What are the dangers of infected keys in business? And what operating procedure and preventive measures should be adopted? Analysis and decryption in this article.

How does this attack work?

The most common modus operandi used by cybercriminals is to make people believe that a USB key has been lost or that it seems to have been forgotten to fool employees. The scenarios observed are numerous: a USB key forgotten on a corner of the table, a key sent by post or even distributed during a conference, as was the case for IMB in 2010, which had distributed infected USB sticks without its knowledge.

In general, the user, driven by curiosity, decides to connect the key to their computer. This seemingly innocuous gesture can have serious consequences.
And for good reason, when the USB key is inserted, the malicious program present on the removable media executes, thus launching the detonation sequence of the malicious charge and the compromise of the machine.

This mode of action is unfortunately very widespread and now occupies the second position in the ranking of the most dangerous cyber threats.

Curiosity can sometimes outweigh reason, many employees succumb to the temptation of plugging in a USB key found, without being aware of the potential dangers. According to the study “ Users Really Do Plug in USB Drives They Find ” conducted by Google in 2016, in which 300 USB keys of different formats were knowingly hidden, it appears that 48% of people who found these keys picked them up and plugged them in.

Added to this is negligence on the part of users towards these media considered as consumables. Indeed, according to a study by cybersecurity publisher Apricorn, 87% of employees surveyed admitted to having lost a USB key used at work without informing their manager.

What are the consequences for your business?

Unsupervised use of USB media presents numerous risks for your business. Here is a list of different types of threats related to infected USB drives.

Theft of data and passwords

When the USB stick runs automatically, the malware present can exfiltrate sensitive data to a remote server. This data may contain passwords and confidential information on the victim's hard drive.

In this case, it is important to remember that companies have legal obligations in terms of protecting personal data. If a security breach reveals a failure by the company in terms of cybersecurity, this compromise may result in a sanction from the National Commission for Information Technology and Liberties (CNIL), in accordance with the application of the General Regulations on Data Protection (GDPR).

Remote control

The documents on the USB key may contain Trojan horse malware. Using this program, cybercriminals can exploit the infected computer and take control remotely, thereby gaining access to the company's internal network.

Destruction of the workstation

Some maliciously developed USB drives, known as USB Killers, are designed to instantly destroy the hardware they are plugged into. This material destruction is carried out by sending a high-voltage electrical discharge which has the effect of destroying the motherboard of the incriminated equipment.

Limit the risks of USB key infection with Malware Cleaner

An effective way to limit computer threats from infected USB keys is to use a clean station such as Malware Cleaner from Orange Cyberdefense.

A white station is a technological device in the form of a terminal or tablet, specially designed to analyze, detect, and eliminate threats present on USB media without leaving traces on the host system.

By inserting a USB key into the terminal, five antiviral search engines are activated simultaneously, offering protection against malware (adware, backdoor or backdoor, ransomware, spyware, trojan, etc.).

In case malicious files are detected, the white station deletes or quarantines them so that they cannot harm the host system.

With this in mind, the Malware Cleaner solution offers rapid and effective decontamination of USB drives against computer viruses and other malware while preserving the integrity of the business.

3 essential practices to reduce cyberattacks by infected USB keys

If having a white station helps limit cyberattacks via USB keys inside the company, its use does not protect employees outside of the company. This is why its use must be accompanied by the right daily practices.

Employee awareness and training

With the adoption of hybrid working, educating employees about the dangers of infected USB drives is essential.

Regular training can help recognize an infected USB key and adopt best practices to minimize risks.

In addition, and like phishing campaigns, organizing exercises in real conditions by disseminating fake USB sticks trapped within the company can prove useful.

Use of EDR and antivirus solutions

Enabling and keeping up-to-date security software on workstations such as antivirus and EDR is essential to detect and neutralize potential threats associated with infected USB drives. These tools should be configured to systematically scan USB devices when plugged in, allowing for early detection of malware.

Access control and security policy

The establishment of a security policy relating to the use of USB keys is necessary. Beyond disabling autorun when inserting USB media, access privileges to USB drives should be limited to appropriate employees to prevent unauthorized access.

In conclusion

Although USB key compromise acts are not widely reported, the threat is a serious one. If you want to learn more about how our Malware Cleaner white station works, don't hesitate to contact us.

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.