Nowadays, it’s common to think of online threats when discussing cybersecurity. Online infections, avoiding the physical barrier, can penetrate any system connected to the Internet. On the contrary, USB flash drives must be connected manually to a device to execute the malicious code.
However, it would be a mistake to consider USB drives 100% safe. Like any other software device, they can be used for malicious purposes. A study reveals that people are very likely to pick up a random USB device lying on the ground and connect it to their devices. This poses a significant risk, which is best illustrated by an example.
In 2010, Iranian nuclear physicists and cybersecurity experts were in deep turmoil. Something was damaging their uranium enrichment infrastructure used to produce nuclear weapons. In media res, Iran lost about one-fifth of its nuclear capabilities, and the program was set back a few decades.
The code that destroyed their centrifuges is called Stuxnet. We recommend checking out cybersecurity journalist Brian Krebs’s blog post for a more detailed analysis. Stuxnet did not enter the Iranian nuclear facilities via the Internet. Instead, it was loaded onto USB flash drives that were placed strategically in hopes people would pick them up and connect to their devices.
Once connected to a device, Stuxnet executed an extremely sophisticated code. It verified the operating system information and searched for a connection to programmable logic controllers (PLCs) with Siemens Step7 software. Upon checking numerous other requirements, Stuxnet attempted to gain administrator-level privileges to take over PLC operations and ruin them.
Stuxnet perfectly illustrates the capabilities of USB flash infections. Contrary to online threats, they do not require an Internet connection. Facilities with nuclear capacities often are offline to protect them from virtual threats. However, USB malware often exploits human error and enters the system in an employee’s pocket.
It would be a mistake to consider USB drives harmless because they are not sophisticated. The first viruses were delivered via floppy disks that could barely contain a megabyte-and-a-half of storage space. USB infections are unique in the way they communicate with the operating system.
For example, many USB malware in early 2010 exploited the Microsoft Windows AutoRun feature. Here’s a practical example of creating a USB drive for Windows password hacking. Script kiddies frequently have fun flexing their lack of coding knowledge by creating such a drive – a perfect example of why you should never connect an unknown USB drive.
Many people use USB drives to transfer data across multiple devices comfortably. However, remember that your drive could catch an infection from the devices you connect it to. It’s best to avoid connecting it to unknown or work-related devices without cybersecurity personnel scanning it for issues.
Simultaneously, you don’t need professional oversight to take the initiative. You can check out our list of the latest secure USB drives to help you choose the correct one.
You can also use anti-virus software to scan your USB drive. In the end, a USB drive is a data storage unit making it exceptionally easy for AVs to detect viruses on it. We recommend regularly scanning your USB, especially if you used it across multiple devices in the recent past.
Another critical moment is data encryption. Encryption is the new golden standard for file security, without which contemporary cybersecurity would be impossible. Most Windows devices (starting from Windows 10) have in-built BitLocker encryption software. It will protect your data in case your device gets stolen.
Can you say the same about your USB flash? USB drives are filled with personal information or even work-related documents and are very easy to lose due to their small size. We recommend using USB encryption software to protect the data in case you lose it or it gets stolen. It’s especially important if you use your USB as an extra layer of security for password management or multi-factor authentication. Losing such a USB key could compromise your online safety and even lead to financial losses.
USB drives are exceptionally comfortable to use, and their benefits outweigh the risks. Like with all software devices, they must be properly secured. USB drives can infect entire networks if left unattended, and it’s best to triple-check before connecting any unknown USB device to your computer.
Luckily, there are many ways to secure them. Use USB data encryption, scan it with an AntiVirus, and always keep it close. These easy steps will prevent unnecessary troubles in the future.