Bad USB Devices

In recent years, an attack class known as "Bad USB" has drawn attention within cybersecurity. These devices exploit the trust users place in USB peripherals such as flash drives and chargers. A Bad USB device is a USB device whose firmware has been modified, or which was purpose-built, to behave maliciously once plugged into a computer or another USB host: most commonly it presents itself to the host as a different device class than it appears to be, typically a keyboard, and then acts on the victim's behalf.

Kill them With Kindness

Employees are the greatest cybersecurity weakness. Carelessness and negligence are the top two insider threats, cited by 71% and 68% of organizations respectively (Insider Threat Report 2016). Hardware attacks exploit these weaknesses through deceptive social engineering to get the attack tool, such as a manipulated Bad USB device, carried inside the organization by the target. Free iPhone chargers handed out at the local coffee shop may come as a pleasant surprise to an unwitting employee, but by mindlessly accepting the "gift", the employee has in fact picked up a malicious attack tool and brought a Bad USB attack through the door.

FIN7 Hackers Strike Again, Using BadUSB Devices to Target US Companies

In early 2022, the FBI warned that hardware attack tools had been mailed to various US entities, including a US defense organization, disguised as an Amazon gift package containing a USB thumb drive (FIN7 hackers target US companies with BadUSB devices to install ransomware). In addition to exploiting greed, the attackers manipulated fear and uncertainty, two feelings especially prominent while the COVID pandemic continues to cause chaos.

Alongside the Amazon lure, the FBI found that the perpetrators fraudulently impersonated the US Department of Health and Human Services (HHS), sending packages containing Bad USB devices disguised as important COVID guidelines. Whether presented as a gift or as important information, the benign appearance of the device trumps any cautionary instinct, and a 30% increase in USB usage in 2020 means attackers have a good chance of success (Significant Increase In USB Threats That Can Cause Costly Business Disruptions).

Too Good to be True? It Probably Is

Now, you might be thinking that, even if an employee unwittingly plugs in a Rogue Device, security solutions are in place to counteract a successful social engineering attempt. Here is where the problem gets worse. Bad USB devices and other manipulated USB hardware impersonate legitimate devices: the host learns what a device is only from the descriptors the device itself reports, so a thumb drive that enumerates as a keyboard is treated as a keyboard. Existing security solutions such as EPS, EDR, XDR, DLP and IDS have no physical layer visibility and therefore cannot identify the malicious device; they see only the legitimate device it impersonates. Exploiting this blind spot, the device is free to send keystrokes that execute a malware payload, steal confidential data, move laterally through the network, and more.
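The mechanism described above leaves a trace on the host even when endpoint tools ignore it: the kernel logs the device's self-reported identity and each interface it enumerates. The script below is an added example, not part of the original post or of any Sepio product; it parses constructed Linux dmesg lines (the vendor and product IDs, ports and product strings are sample values) and flags a device that enumerates both a mass storage interface and a HID keyboard, the classic composite Bad USB profile.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of kernel log lines (not captured from a real incident):
# device 1-1 is an ordinary keyboard; device 1-2 calls itself a thumb drive
# but also enumerates a HID keyboard interface, the Bad USB tell.
SAMPLE_DMESG = """\
[ 10.001] usb 1-1: new low-speed USB device number 2 using xhci_hcd
[ 10.120] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
[ 10.120] usb 1-1: Product: USB Keyboard
[ 10.130] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
[ 42.501] usb 1-2: new high-speed USB device number 5 using xhci_hcd
[ 42.630] usb 1-2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
[ 42.630] usb 1-2: Product: DataTraveler 3.0
[ 42.640] usb-storage 1-2:1.0: USB Mass Storage device detected
[ 42.900] hid-generic 0003:0951:1666.0005: input,hidraw1: USB HID v1.11 Keyboard [DataTraveler 3.0] on usb-0000:00:14.0-2/input1
"""

# Kernel message shapes emitted by the usb core, usb-storage and hid-generic.
NEW_DEV = re.compile(r"usb (\S+): New USB device found, idVendor=([0-9a-fA-F]{4}), idProduct=([0-9a-fA-F]{4})")
PRODUCT = re.compile(r"usb (\S+): Product: (.+)$")
STORAGE = re.compile(r"usb-storage (\S+?):\d+\.\d+: USB Mass Storage device detected")
HID = re.compile(r"hid-generic 0003:([0-9A-Fa-f]{4}):([0-9A-Fa-f]{4})\.\d+: .*USB HID v[\d.]+ (\w+)")


@dataclass
class UsbDevice:
    port: str
    vid: str = ""
    pid: str = ""
    product: str = ""
    interfaces: set = field(default_factory=set)  # e.g. {"storage", "keyboard"}


def parse_dmesg(text):
    """Group kernel USB lines into one record per port, collecting interfaces."""
    devices = {}
    by_id = {}  # (vid, pid) -> port, because hid-generic lines carry IDs, not ports
    for line in text.splitlines():
        if m := NEW_DEV.search(line):
            port, vid, pid = m.group(1), m.group(2).lower(), m.group(3).lower()
            devices[port] = UsbDevice(port, vid, pid)
            by_id[(vid, pid)] = port
        elif m := PRODUCT.search(line):
            if m.group(1) in devices:
                devices[m.group(1)].product = m.group(2).strip()
        elif m := STORAGE.search(line):
            if m.group(1) in devices:
                devices[m.group(1)].interfaces.add("storage")
        elif m := HID.search(line):
            port = by_id.get((m.group(1).lower(), m.group(2).lower()))
            if port:
                devices[port].interfaces.add(m.group(3).lower())  # keyboard, mouse, ...
    return devices


def flag_badusb(devices):
    """Return (port, reason) for devices that are both storage and keyboard."""
    findings = []
    for dev in devices.values():
        if "storage" in dev.interfaces and "keyboard" in dev.interfaces:
            findings.append((dev.port,
                             f"{dev.vid}:{dev.pid} '{dev.product}' enumerates mass "
                             f"storage and a HID keyboard on the same device"))
    return findings


if __name__ == "__main__":
    for port, reason in flag_badusb(parse_dmesg(SAMPLE_DMESG)):
        print(f"SUSPICIOUS usb {port}: {reason}")
```

Treat a hit as triage, not proof: every field the script reads is supplied by the device itself, so a Bad USB that enumerates only as a keyboard is indistinguishable here from a real one. That is exactly the visibility gap the post describes, and it is why a stricter posture blocks any HID keyboard that is not already on an approved list rather than relying on a heuristic.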

Attackers are finding value in manipulated USBs, with threats designed for USB exploitation increasing by 37% in 2020. For any organization this is a significant risk, but for critical infrastructure entities, such as the US defense company, the risk extends to national security. Critical infrastructure is especially susceptible to hardware-based attacks because removable USB media is the principal entry point into air-gapped networks, according to research by ESET.

Employees are highly vulnerable to social engineering, so enterprises must add a layer of protection that does not depend on the user. However, current security software fails to detect Bad USB devices and other Rogue Devices because it has no Layer 1 visibility: it trusts whatever identity the device reports. This leaves a massive hole in defense capabilities.

Sepio's solution closes the gaps in device visibility to ensure you get the most out of your existing cybersecurity investments. Sepio integrates with solutions such as NAC, EPS, SIEM and SOAR to enhance the enterprise's security posture. Its deep visibility means no device goes unmanaged: the solution identifies, detects and handles all IT/OT/IoT devices. Moreover, its policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, Sepio enables a Zero Trust Hardware Access approach, which stops attackers at the first line of defense.

While we cannot stop the appeal of an unexpected gift, we can stop the threat that such a "gift", a Bad USB attack, poses to the organization.


January 10th, 2022