USB attack!

USB devices are very convenient. Whenever we want to store small amounts of data, we tend to use a USB stick. Nowadays almost everyone owns one, and we usually trust it to be safe. Nonetheless, several offices have disabled the use of USB on their devices. USB keys are one of the common ways to carry out industrial spying; however, attacks against random civilians and firms are also common. These attacks can be done very easily, and the victim may not even be aware of having been fully compromised.

Image retrieved from https://elie.net/blog/security/what-are-malicious-usb-keys-and-how-to-create-a-realistic-one/

How do they do it? What are those attacks? Here is a list of the many things that can be done with a simple USB key:

  • Take remote control over the victim’s device
  • Spy on people through their webcam, microphone and keyboard (e.g. screen share, webcam stream and keyscan dump)
  • Harvest credentials and personal information
  • Encrypt data and demand a ransom from the victim
  • Erase, modify or inject data and code
  • Destroy hardware
  • Steal important documents

Once the attackers know their victim and what they need to do (as in the list above), they must select a suitable payload for their USB drive. They have a wide range of alternatives, from ransomware to straightforward keyloggers. Devices that merely look like USB sticks can also be used. For example, USB Killer is a device that looks like a USB thumb drive but sends high voltage through the USB port to damage hardware.

Attackers can put malware on a USB key themselves, but they can also buy a ready-made one. For example, Rubber Ducky or Bash Bunny sticks, which perform more conventional attacks such as opening a reverse shell, can be found for less than 100 euros.

USB RUBBER DUCKY

Image retrieved from https://blog.hartleybrody.com/rubber-ducky-guide/

 

BASH BUNNY

Image retrieved from https://lab401.com/products/hid-emulator-bash-bunny

 

Be aware that any kind of device with a USB port can be used to spread malware.

Then the attackers need a way for their USB drive to be plugged into the victim’s machine. They can do it themselves or use social engineering to make someone else do it without that person being aware of it. USB sticks can be dropped in the street (a USB drop attack), left in offices, put in mailboxes or given away as gifts at events. An ordinary person will simply pick one up and use it. Who does not want a free USB?

When the USB stick is plugged in, some malware is executed immediately, whereas other kinds need the user to click on a file before they are surreptitiously launched. Malicious code can be hidden in directories, images or any sort of file, and the stick can even pose as a keyboard to avoid detection.

On a technical level, each stick contained a false link to a directory, a hidden nameless directory and an HTML file to track how many times the trap was activated. When the curious user clicked on the link, three things happened:

  • A PowerShell script was executed to find Wi-Fi passwords stored on the computer and send them to the attacker’s server.
  • A reverse shell was opened from the victim’s device, giving the attacker complete control.
  • The hidden directory was opened, displaying random JPEG and PDF files to the victim so as not to arouse suspicion. This directory also contained the malicious files, but those were not visible.

When these attacks run, the attacker gets a Meterpreter session, from which the rest of the attack can be carried out from the attacker's own machine.
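A defender examining a found stick on an isolated analysis machine can look for the layout described above (a shortcut posing as a directory, a nameless hidden directory and an HTML file) by name and metadata alone. The following Python sketch is an added example, not code from the original post; the extension shortlist, finding labels and sample file names are constructed assumptions.

```python
import os
import stat
import tempfile
import unicodedata

# Assumed shortlist of click-to-run extensions, plus HTML (the page's tracking file).
LAUNCHERS = (".lnk", ".url", ".scr", ".hta", ".bat", ".cmd", ".ps1", ".vbs")
KIND_BY_EXT = {**dict.fromkeys(LAUNCHERS, "launcher-file"),
               ".html": "html-file", ".htm": "html-file"}

def is_blank_name(name):
    """True when a name renders as nothing: only whitespace, format or control characters."""
    return all(c.isspace() or unicodedata.category(c) in ("Cf", "Cc") for c in name)

def is_hidden(path, name):
    """Dot-prefixed name, or the Windows hidden attribute where the platform exposes it."""
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)
    return name.startswith(".") or bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def triage(root):
    """Walk a mounted volume by name and metadata only; no file is opened or executed."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            if is_blank_name(name):
                findings.append(("nameless-directory", os.path.relpath(full, root)))
            elif is_hidden(full, name):
                findings.append(("hidden-directory", os.path.relpath(full, root)))
        for name in filenames:
            full = os.path.join(dirpath, name)
            kind = KIND_BY_EXT.get(os.path.splitext(name)[1].lower())
            if kind:
                findings.append((kind, os.path.relpath(full, root)))
            if is_hidden(full, name):
                findings.append(("hidden-file", os.path.relpath(full, root)))
    return sorted(findings)

def build_sample(root):
    """Constructed sample mirroring the described layout; every file is an empty placeholder."""
    blank = "\u00a0"  # no-break space: a directory name that displays as nothing
    os.mkdir(os.path.join(root, blank))
    for rel in ("Documents.lnk", "index.html",
                os.path.join(blank, "photo.jpg"), os.path.join(blank, ".payload.ps1")):
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for kind, rel in triage(tmp):
            print(f"{kind:20} {rel!r}")
```

Any finding is a reason to leave the files unopened and hand the device to whoever handles incidents; an empty result does not clear a stick that poses as a keyboard, because that behaviour is not visible in the file system.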

How do we protect ourselves from USB attacks?

  • Don’t plug in any dropped or unknown USB device you find
  • Block USB ports
  • Disable USB ports
  • Analyse devices
      • Use a machine with no connection to LAN or WAN and no personal info
      • Wipe it afterwards
  • Red team deployments
  • Educate employees
