The Big BadUSB

BadUSB Devices

The execution of a successful cyberattack often relies on preceding social engineering tactics. Phishing is one such example, and it receives widespread attention, both in the media and in enterprises’ cybersecurity efforts. However, with enterprises focusing their efforts on defending against quotidian attacks and social engineering techniques, cybercriminals turn to alternative methods. And, as attack methods change, so do the accompanying social engineering tactics.

Kill them with kindness

Employees are the greatest cybersecurity threat. Carelessness and negligence are the top two insider threats, concerning 71% and 68% of organizations, respectively. Hardware-based attackers exploit such weaknesses through extremely deceptive social engineering techniques to get their attack tool, such as a manipulated USB device, carried inside the organization. Free iPhone chargers being handed out at the local coffee shop might come as a pleasant surprise to an unwitting employee. But, by mindlessly accepting the “gift”, the employee has, in fact, picked up a malicious attack tool.


Fin7 hackers strike again-using BadUSB devices to target US companies

In early 2022, the FBI announced that hardware-based attack tools had been sent to various US entities, including a US defense organization, which received a USB thumb drive disguised as an Amazon gift voucher. In addition to taking advantage of human greed, bad actors manipulate fear and uncertainty, two feelings especially prominent as the COVID pandemic continues to cause chaos. As in the Amazon example, the FBI found that perpetrators were fraudulently impersonating the US Department of Health and Human Services (HHS) and sending packages containing BadUSB devices, disguised as important COVID guidelines. Whether disguised as a gift or as important information, the benign appearance of the device trumps any cautionary instincts… And a 30% increase in USB usage in 2020 means attackers have a good chance of success.

Too good to be true? It probably is

Now, you might be thinking that, despite the likelihood of an employee unwittingly using a Rogue Device, there are security solutions in place to counteract any successful social engineering attempts. Well, here is where the problem gets worse. BadUSB devices and other manipulated USBs impersonate legitimate devices (a thumb drive that enumerates as a keyboard, for example), going undetected by existing security solutions, such as NAC, EPS, IDS, or IoT Network Security. The lack of Layer 1 visibility means such security tools cannot identify the malicious device, instead recognizing it as the legitimate device it impersonates. By exploiting this visibility blind spot, the device is free to send keystrokes that can execute a malware payload, steal confidential data, move laterally throughout the network, and more.
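The evasion described above has a concrete footprint on the host: a "flash drive" that also registers a USB HID keyboard interface is exactly the pattern a BadUSB device leaves in the kernel log. The following added example (not code from the original post or from Sepio) parses constructed dmesg-style lines and flags two conditions a defender would want to see: a device that exposes both a mass-storage and a keyboard interface, and a keyboard whose vendor/product ID is not on a local allow-list. The log lines, the vendor/product IDs and the allow-list are all constructed placeholders; the allow-list policy is an assumption modelled on USB allow-listing tools, not a claim about any product.

```python
import re
from dataclasses import dataclass, field

# Constructed dmesg-style sample. Vendor/product IDs (aaaa:0001 etc.) are
# placeholders, not real devices. Port 1-1 is an approved keyboard, port 1-2
# is a "Flash Drive" that also enumerates a HID keyboard (the BadUSB pattern),
# port 1-3 is a plain storage device.
SAMPLE_DMESG = """\
usb 1-1: New USB device found, idVendor=aaaa, idProduct=0001, bcdDevice= 1.00
usb 1-1: Product: Office Keyboard
hid-generic 0003:AAAA:0001.0001: input,hidraw0: USB HID v1.11 Keyboard [Office Keyboard] on usb-0000:00:14.0-1/input0
usb 1-2: New USB device found, idVendor=bbbb, idProduct=0002, bcdDevice= 1.00
usb 1-2: Product: Flash Drive
usb-storage 1-2:1.0: USB Mass Storage device detected
hid-generic 0003:BBBB:0002.0002: input,hidraw1: USB HID v1.11 Keyboard [Flash Drive] on usb-0000:00:14.0-2/input1
usb 1-3: New USB device found, idVendor=cccc, idProduct=0003, bcdDevice= 1.00
usb 1-3: Product: Thumb Drive
usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Constructed allow-list of (vid, pid) pairs for keyboards the organisation has approved.
KNOWN_KEYBOARDS = {("aaaa", "0001")}

NEW_DEV_RE = re.compile(
    r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
PRODUCT_RE = re.compile(r"usb (\S+): Product: (.+)")
STORAGE_RE = re.compile(r"usb-storage (\S+):\d+\.\d+: USB Mass Storage device detected")
KEYBOARD_RE = re.compile(
    r"hid-generic 0003:([0-9A-Fa-f]{4}):([0-9A-Fa-f]{4})\.\d+: .*USB HID v[\d.]+ Keyboard")


@dataclass
class UsbDevice:
    port: str
    vid: str
    pid: str
    product: str = ""
    interfaces: set = field(default_factory=set)  # e.g. {"storage", "keyboard"}


def parse_dmesg(text):
    """Group kernel log lines into UsbDevice records keyed by port.

    Storage interfaces are matched by port path; HID lines carry vid:pid
    instead, so they are matched by ID (if the same ID appears on two ports
    the later one wins, which is acceptable for this illustration).
    """
    by_port, by_id = {}, {}
    for line in text.splitlines():
        m = NEW_DEV_RE.match(line)
        if m:
            dev = UsbDevice(m.group(1), m.group(2).lower(), m.group(3).lower())
            by_port[dev.port] = dev
            by_id[(dev.vid, dev.pid)] = dev
            continue
        m = PRODUCT_RE.match(line)
        if m and m.group(1) in by_port:
            by_port[m.group(1)].product = m.group(2).strip()
            continue
        m = STORAGE_RE.match(line)
        if m and m.group(1) in by_port:
            by_port[m.group(1)].interfaces.add("storage")
            continue
        m = KEYBOARD_RE.match(line)
        if m:
            key = (m.group(1).lower(), m.group(2).lower())
            if key in by_id:
                by_id[key].interfaces.add("keyboard")
    return list(by_port.values())


def find_suspicious(devices, known_keyboards=KNOWN_KEYBOARDS):
    """Return (port, reason) tuples for devices worth blocking or reviewing."""
    findings = []
    for d in devices:
        if "keyboard" in d.interfaces and "storage" in d.interfaces:
            findings.append((d.port, "storage device also registered as a keyboard"))
        elif "keyboard" in d.interfaces and (d.vid, d.pid) not in known_keyboards:
            findings.append((d.port, "keyboard not on the allow-list"))
    return findings


if __name__ == "__main__":
    for port, reason in find_suspicious(parse_dmesg(SAMPLE_DMESG)):
        print(f"ALERT usb {port}: {reason}")
```

On a real host the same logic can be fed from `dmesg` or the journal; the point is that the host does see the keyboard interface even when a network-side tool only sees a "storage device", so the composite-interface check and an allow-list are where the detection belongs.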

Attackers are finding value in manipulated USBs, with threats designed for USB exploitation increasing by 37% in 2020. For any organization, this is a significant risk. But for critical infrastructure entities, such as the US defense company, the risk extends to national security. Critical infrastructure is especially susceptible to hardware-based attacks because manipulated USBs are the only entry point into air-gapped networks, according to research by ESET.

Conclusion

Employees are highly vulnerable to social engineering techniques, meaning enterprises must implement security solutions to provide an extra layer of protection. However, current security software fails to detect BadUSB devices and other Rogue Devices due to a lack of Layer 1 visibility. This leaves a massive hole in defense capabilities.

Sepio’s Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments. HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the enterprise’s cybersecurity posture. HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices. Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware. In doing so, HAC-1 enables a Zero Trust Hardware Access approach, which stops attackers at the first line of defense.

While we can’t stop the appeal of an unexpected gift, we can stop the threats that such a “gift” poses to cybersecurity.
