Security Issues: USB Malware Attacks

This week, learn how to protect yourself and your computer from USB drive attacks! For this One-Minute Wednesday, Waleed Afzal will be talking about a common attack vector for malware: malicious users leaving infected USB drives in public places, waiting for someone to pick them up and plug them in. Don’t miss out on learning how this works and how to avoid it!

Malicious USB Drives

Many of us have found USB flash drives lying around in public places. But what many people don’t know is that these “lost” USB drives could be a part of a malware attack. This type of attack has been around for a while, and the risks have not changed with time: about a decade ago, a group of security testers dropped 20 USB devices around the parking lot of a credit union. They found that fifteen credit union employees picked up a USB device and eventually plugged it into a computer, unwittingly running a program that communicated with an external server.

Some best practices:

First, you should never connect an unverified USB device to your computer. If you don’t know where it came from, there’s a good chance that a malicious user has loaded malware onto the drive, hoping someone will plug it in and allow it to infect or take over the computer. This follows similar logic as best practices for email security: you wouldn’t open an email attachment from an unknown or suspicious sender, and you should treat “lost” USB drives or other removable devices the same way.

Second, you should avoid leaving personal USB drives lying around in public places, as they can easily be stolen, compromised, and then returned to you. A trusted personal device can quickly become an attack vector—competent hackers only need a few minutes with a device to load it with malware.

Finally, if you see a file on your USB drive that you don’t recognize, avoid clicking on it. Malware is frequently disguised as known file types, like PDFs or Word documents, but once you open them they will run a script or executable program instead. The best course of action here is to immediately delete any unrecognized files, or at the very least spend some time virus scanning them before opening.

Stay safe out there, and don’t forget to think before you click!


More Posts

Cup of IT: Share Files Securely with Microsoft 365

Microsoft 365 offers valuable features and capabilities to ensure your files are protected and are only accessed by the right people. On this episode of Cup of IT, we’ll be discussing how to safely, smartly and easily share and receive files in Microsoft 365.

Cup of IT: Sending Secure Emails with Microsoft 365

Microsoft 365 comes with several built-in security features that allow your organization to manage how sensitive information is handled via email. On this episode of Cup of IT, we’ll be discussing how to send secure emails using sensitivity labels, email encryption, and the do-not-forward options in Microsoft 365.

Clean Your Inbox with Outlook Folders

Using Outlook folders is a great way to begin relieving the stress of managing your inbox. On today’s One-Minute Wednesday, you’ll learn how to create customizable folders that can automatically categorize your email, giving you a better experience with your inbox.

Blocking Senders in Microsoft Outlook

Tired of junk mail getting past your built-in spam filter? You can quickly and easily train your junk folder in Microsoft Outlook. On today’s One-Minute Wednesday, Sean Mountain will show you how to mark email as junk and block senders, giving you more power over what shows up in your inbox!