Description
An adversary loads malicious code onto a USB memory stick in order to infect any system into which the device is plugged. USB drives present a significant security risk for businesses and government agencies. Because wireless functionality can be integrated into a USB stick, it is possible to design malware that not only steals confidential data but also sniffs the network or monitors keystrokes, and then exfiltrates the stolen data off-site over a wireless connection. Malicious code can also be delivered over the USB interface without a memory stick at all, for example by a device whose firmware presents it to the host as a keyboard or network adapter rather than as storage. Attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals but suggest state sponsorship. These attacks can be performed by an adversary with direct physical access to a target system, or carried out indirectly through means such as a USB Drop Attack.
Attack Execution Flow
Step 1
Explore [Determine Target System] In certain cases, the adversary explores an organization's network to select a specific target machine to exploit, based on the information it holds or the privileges its primary user possesses.
Attack Techniques
- If needed, the adversary explores an organization's network to determine whether any systems of specific interest exist.
Step 2
Experiment [Develop or obtain malware and install it on a USB device] The adversary develops or obtains the malicious software needed to exploit the target system and installs it on an external USB device such as a USB flash drive.
Attack Techniques
- The adversary can develop or obtain malware to perform a variety of tasks, such as sniffing network traffic or monitoring keystrokes.
Step 3
Exploit [Connect the infected USB device, or deceive a user into connecting it] Once the malware has been placed on an external USB device, the adversary either connects the device to the target system directly or deceives a user into connecting it, as in a USB Drop Attack.
Attack Techniques
- The adversary connects the USB device to the chosen target system, or performs a USB Drop Attack in the hope that a user will find the device and connect it on their own. Once the device is connected, the malware executes, giving the adversary access to network traffic, credentials, and similar assets.
Mitigations
Do not connect untrusted USB devices to systems on an organizational network. Validate untrusted devices on an isolated test machine (no network connection and no shared credentials) and confirm that no malware is present before they touch production systems.
Regulate physical access to systems so that an adversary cannot connect a malicious USB device themselves. Where possible, enforce this technically with device-control policies that permit only approved device classes and known vendor/product identifiers.
Use anti-virus and anti-malware tools that can block malware from executing if it reaches a target system, and keep their virus and malware signatures up to date. Note that a device which emulates a keyboard or network adapter delivers no file for a scanner to inspect, so device control and user awareness are needed alongside signature-based tools.
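The mitigations above amount to an allowlist policy for USB devices plus a way to notice when it is violated. The following is an added example written for this page, not code from CAPEC or from any vendor: it correlates the messages the Linux kernel logs while a USB device enumerates, then flags mass-storage devices that are not on an approved list and, more importantly, any device that exposes both a storage interface and a keyboard interface, the shape of the keyboard-emulating attacks the description refers to. The approved vendor/product identifiers, the port names, and the log lines are all constructed for the example.

```python
"""Flag suspicious USB device attachments from Linux kernel log lines.

Added example, not part of the CAPEC entry. It groups the per-port messages
the kernel emits during USB enumeration and applies a small allowlist policy.
"""
import re

# Assumed policy (hypothetical identifiers): one approved flash-drive model and
# one approved keyboard model; anything else is reported.
APPROVED_STORAGE = {("0781", "5567")}
APPROVED_KEYBOARDS = {("046d", "c31c")}

# Regexes for the standard dmesg/journal line shapes. A leading timestamp such
# as "[  123.456] " is ignored because re.search is used.
RE_NEW = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-fA-F]{4}), idProduct=(?P<pid>[0-9a-fA-F]{4})")
RE_STR = re.compile(
    r"usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer|SerialNumber): (?P<val>.*)$")
RE_STORAGE = re.compile(
    r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")
RE_HID = re.compile(
    r"hid-generic 0003:(?P<vid>[0-9a-fA-F]{4}):(?P<pid>[0-9a-fA-F]{4})\.\d+: "
    r".*USB HID v[\d.]+ (?P<kind>Keyboard|Mouse|Device)")


def parse_usb_events(lines):
    """Return {port: device record} built from kernel log lines, in attach order."""
    devices = {}      # port -> record
    by_vidpid = {}    # (vid, pid) -> record, used to attach hid-generic lines
    for line in lines:
        if m := RE_NEW.search(line):
            dev = {"port": m["port"], "vid": m["vid"].lower(), "pid": m["pid"].lower(),
                   "strings": {}, "storage": False, "hid": set()}
            devices[m["port"]] = dev
            by_vidpid[(dev["vid"], dev["pid"])] = dev
        elif m := RE_STR.search(line):
            if dev := devices.get(m["port"]):
                dev["strings"][m["key"]] = m["val"].strip()
        elif m := RE_STORAGE.search(line):
            if dev := devices.get(m["port"]):
                dev["storage"] = True
        elif m := RE_HID.search(line):
            # hid-generic prints the key as bus:VID:PID in upper-case hex.
            if dev := by_vidpid.get((m["vid"].lower(), m["pid"].lower())):
                dev["hid"].add(m["kind"])
    return devices


def evaluate(devices):
    """Apply the allowlist policy; returns a list of (alert_kind, device_label)."""
    alerts = []
    for dev in devices.values():
        ident = (dev["vid"], dev["pid"])
        label = f'{dev["port"]} {dev["vid"]}:{dev["pid"]} {dev["strings"].get("Product", "?")}'
        if dev["storage"] and ident not in APPROVED_STORAGE:
            alerts.append(("unapproved-storage", label))
        if dev["storage"] and "Keyboard" in dev["hid"]:
            # A flash drive that also types is the classic keyboard-emulation pattern.
            alerts.append(("storage-plus-keyboard", label))
        if "Keyboard" in dev["hid"] and ident not in APPROVED_KEYBOARDS:
            alerts.append(("unknown-keyboard", label))
    return alerts


# Constructed log lines: an approved drive (1-1), a composite storage+keyboard
# device with an unknown vendor (1-2), and an approved keyboard (1-3).
SAMPLE_LOG = [
    "[  101.10] usb 1-1: new high-speed USB device number 3 using xhci_hcd",
    "[  101.25] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00",
    "[  101.25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3",
    "[  101.25] usb 1-1: Product: Cruzer Blade",
    "[  101.25] usb 1-1: Manufacturer: SanDisk",
    "[  101.30] usb-storage 1-1:1.0: USB Mass Storage device detected",
    "[  140.10] usb 1-2: new high-speed USB device number 4 using xhci_hcd",
    "[  140.25] usb 1-2: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00",
    "[  140.25] usb 1-2: Product: USB Flash Disk",
    "[  140.30] usb-storage 1-2:1.0: USB Mass Storage device detected",
    "[  140.35] hid-generic 0003:1234:5678.0005: input,hidraw1: USB HID v1.10 Keyboard [USB Flash Disk] on usb-0000:00:14.0-2/input1",
    "[  200.10] usb 1-3: new low-speed USB device number 5 using xhci_hcd",
    "[  200.25] usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00",
    "[  200.25] usb 1-3: Product: USB Keyboard",
    "[  200.30] hid-generic 0003:046D:C31C.0006: input,hidraw0: USB HID v1.11 Keyboard [USB Keyboard] on usb-0000:00:14.0-3/input0",
]

if __name__ == "__main__":
    for kind, label in evaluate(parse_usb_events(SAMPLE_LOG)):
        print(f"ALERT {kind}: {label}")
```

In a real deployment the lines would come from `journalctl -k -f` or the audit subsystem rather than a list, and the policy would be enforced by a device-control tool rather than only reported; the correlation step is the part that matters, because neither the vendor ID nor the "mass storage" message alone tells you that the same device is also a keyboard.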
Consequences