Got a USB device? Be wary where you plug them as they could be compromised!

?The most familiar way for your company or business to be targeted for an attack is through the internet –whether through browsing an infected site or through infected files attached to emails.  Unbeknown to most, there is a simpler but lesser-known approach that is often ignored — compromised USB devices.

USB devices like USB flash drives are very common nowadays because of their affordability and ease of use.  Unfortunately, USB devices can get infected by plugging these devices into compromised devices or from untrustworthy devices that have been manipulated by hackers to extract data and create havoc.  This makes these devices the perfect tools to compromise your computer and data.

According to researchers from the Ben-Gurion University of the Negev in Israel, there are 29 different types of USB attacks that can be classified into four categories depending on how the attack is carried out:

A) By reprogramming the USB’s device internal microcontrollers like Teensy or Arduino devices
B) By reprogramming the USB device’s firmware to run malicious actions such as downloading malware or extraction of data.
C) By leveraging on the flaws of the operating system and how it interacts with USB protocols
D) USB-based electrical attacks

Here are some of the common types of USB attacks.
Reprogrammable microcontroller USB attacks

Rubber Ducky – this is a keystroke injection attack wherein the compromised USB device has a preloaded keystroke sequence.  Keystroke sequence could change system settings, open backdoors, retrieve data or basically anything that can be achieved with physical access to the host device without the user knowing.

PHUKD/URFUKED (Programmable Human Interface Device (HID) USB Device) – it is adaptive and it is a remote delivery of keystrokes, so an attacker can select the best time to execute the attack, and choose the most appropriate method at the moment of execution.

Maliciously reprogrammed USB peripheral firmware attacks

Smartphone-Based HID Attacks – Just like the first 2 above but this one uses a malicious Android device that is capable of simulating USB keyboard and mouse devices, allowing attackers to stealthily send predefined commands and simulate malicious interactive user activities.

Hidden Partition Patch – a reprogrammed USB flash drive that acts like a normal drive but with a hidden partition in the storage that cannot be erased with a quick formatting, allowing the attacker to secretly extract and store data.

Boot Sector Virus – use of a malicious USB flash drive that infects a machine before it boots.

Attacks based on unprogrammed USB devices

Data Hiding on USB Mass Storage Devices – a method of hiding malware or files in a USB flash drive so that it is virtually undetectable by the computer or the user.  Once the infected USB is attached to a computer, the malware is released thus infecting the host computer.

AutoRun Exploits – a hacker can use the autorun feature found in most computers to automatically execute malware without any user interaction. This method was used mostly on older computer software versions.

USB Thief – a Trojan malware that uses only USB devices for propagation, and it does not leave any evidence on the compromised computer.  This trojan is stored as a file used by a portable application.  Once the portable application is being used, the malware runs in the background.

Electrical Attack

USB Killer (power surge attack) – a USB stick that stores up power and releases the stored power through the USB wires creating a power surge and destroying sensitive components of a computer.

USB attacks can range from simple to complex, so be cautious where you plug your USB devices and use only trusted devices as it might end up being compromised.  This means that USB devices can be used to infect your companies systems and covertly steal data from protected networks.

To further ensure business continuity, Globe Business, the enterprise information and communications technology arm of Globe Telecom, has embarked on a cybersecurity campaign called #makeITsafePH to educate and inform businesses on the best way to protect their data.

Globe Business also provides best-in-class cybersecurity tool sets, hardware, software, and even niche technology that allows businesses to mitigate security threats before they happen, and recover in the event that they do.

Here are some of the Cybersecurity services that Globe Business offers:

Anti-DDoS

Maintain seamless communication between you and your customers. Anti-DDOS protects your online services by keeping your servers up and running with Distributed Denial of Service (DDoS) protection.

Managed Enterprise Firewall (Ent FW)

Enjoy the convenience of a fully managed service with comprehensive perimeter protection. Managed Ent FW features real-time visibility that allows for quick identification and validation of potential threats to your network.

Managed Security Information and Event Management (SIEM)

Easily see through data noise, quickly respond to emerging threats, and cost-effectively maximize protection while maintaining regulatory compliance. With Managed SIEM, we can help you choose and fully staff the right SIEM system, control costs, and detect new threats to your security.

Managed Security Testing (MST)

Discover your vulnerabilities and be informed about the consequences of a possible exploitation. With MST, gain insights on security weaknesses and other vulnerabilities that you need to address to reduce risk from cyber attacks—all through a single security testing platform.

Managed Unified Threat Management (UTM)

Achieve full defense and protection for your network. Managed UTM offers a comprehensive set of integrated network security technologies suited for your business needs.

Web Application Firewall (WAF)

Get real-time, continuous security against attacks and data loss. WAF provides assurance that your web applications operate as they should and are compliant with industry regulations.

Secure Email Gateway (SEG) Cloud

Safeguard information with advanced email protection. SEG Cloud eliminates threats before they reach the network and provides centralized email security for all environments.

For more information on the latest cyber security trends and solutions, visit http://business.globe.com.ph/solutions/cybersecurity.html or contact a Globe Business Account Manager.

#makeITsafePH