The Evolution of Evil: Changes in the Use of USB Devices as Delivery Mechanisms for Malicious Code

Article Description

The use of USB devices as a delivery mechanism for malicious code has grown significantly over the years, and a new evolution of USB attacks is now emerging. Microcontrollers and carefully crafted code are replacing simple USB flash drives. USB microcontrollers are small, capable of circumventing most malware detection software, and can deliver devastating payloads. Brad Bowers takes a closer look at this new attack vector and reveals some of the challenges IT security professionals face as the use of microcontrollers as an attack platform matures.

Patterns Begin to Form

Attackers quickly discovered that they could use the Autorun functionality to their advantage, and an assortment of custom firmware and attack strategies was developed for certain USB drives. These modified drives, commonly known as "USB switchblades" or "USB hacksaws," are easily made.

Because Microsoft operating systems prior to Vista and XP Service Pack 3 would automatically execute commands in the autorun.inf file, an attacker could potentially compromise a system simply by getting the USB drive inserted into it. Attackers could use social engineering or surreptitious physical access to get the USB drive into a target machine.

This type of attack has enjoyed several years of success and is still a viable method today. Many variations of it are possible and have been widely documented. As the severity and potential impact of this type of attack became more widely known, security vendors started making tools that would detect USB hacksaw attacks. While this attack can still slip past some security monitoring tools, most modern versions of the Microsoft operating system have been patched against it and there is significant awareness of it.
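
A defender's view of the mechanism described above, as an added example that is not part of the original article: a small Python parser that reports which entries in an autorun.inf file would launch a program. The function names and the sample file are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the standard autorun.inf command entries.

```python
import re

# Entries in the [autorun] section whose value is a command to launch.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.IGNORECASE)

def find_exec_directives(text):
    """Return (line_no, key, command) for each command-launching entry."""
    findings, section = [], None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue  # only [autorun] entries are of interest here
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if EXEC_KEYS.match(key) and value:
            findings.append((line_no, key.lower(), value))
    return findings

def scan_file(path):
    """Scan an autorun.inf on disk (hypothetical helper; path is supplied by the caller)."""
    with open(path, "rb") as fh:
        data = fh.read()
    # Assumption: a file starting with a UTF-16 byte-order mark is UTF-16 text.
    is_utf16 = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    return find_exec_directives(data.decode("utf-16" if is_utf16 else "latin-1"))

# Constructed sample, not taken from any real device.
SAMPLE = """\
; constructed sample
[AutoRun]
icon=drive.ico
label=Backup
Open = tools\\setup.exe
shell\\explore\\command=tools\\setup.exe
[Content]
open=ignored.exe
"""

if __name__ == "__main__":
    for line_no, key, command in find_exec_directives(SAMPLE):
        print(f"line {line_no}: {key} -> {command}")
```

Entries such as `icon` and `label` are ignored because they do not launch anything, and the `open` line under `[Content]` is skipped because it is outside the `[autorun]` section.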
