
National KE-CIRT/CC Cybersecurity Best Practice Guide of the Week

 

 

In This Issue:

*  Using Caution with USB Drives

USING CAUTION WITH USB DRIVES

 

What is a USB drive?

*  USB drives are as many and as varied as our needs for external storage devices.

*  USB drives are external storage drives that combine flash memory (memory that can be electronically erased and reprogrammed) with a USB interface.

*  They come in different colors, shapes, sizes and capacities!

*  They are also known as thumb drives, pen drives, jump drives, disk keys, disk on key, flash drives, or USB memory.

*  Apart from carrying malware, a USB drive can also have malicious firmware.

*     Malware – software whose chief purpose is to disrupt, spy on, coerce, damage or gain unauthorized access to a computer or network. Malware includes spyware, rootkits, ransomware, Remote Access Trojans (RATs), Trojan horses, worms, and viruses.

*     Firmware – software placed in hardware to help control it and improve its performance.

 

Can a USB drive be used to perform an attack?

Yes. There are several attacks that can be carried out using a USB drive, namely:

 

i.             Human Interface Device (HID) attack.

-      Generally, a HID is a device used by humans to communicate with electronic devices, e.g. a computer, to input data or provide output. Examples of HIDs are keyboards, pointing devices, webcams and speakers.

-      The USB Rubber Ducky tool is a good example of a HID attack. It looks like a USB drive but is actually a keyboard that types over 1000 words per minute. All operating systems recognize it as a keyboard and allow it to run automatically as one. All its inputs and requests are honored.

 

ii.           Social Engineering attack

-      This attack uses a normal USB drive containing HTML files. Malicious code is placed in an HTML file and is automatically activated when the file is opened.

-      For instance, it can download additional files from the internet, or the user can be redirected to a phishing site and tricked into giving up their login credentials.

 

iii.        Zero-Day attack

-      Computer software and operating systems (e.g. Windows 10, developed and released by Microsoft) could, once released, have a vulnerability (an unintended flaw) that is unknown to the developer.

-      The day it is discovered is the zero-day, meaning the developer has zero days to fix the problem and issue the fix to users in time for them to patch their software or OS. A zero-day attack occurs when a hacker carries out an attack before the vulnerability is fixed.

-      A zero-day attack can be carried out using a USB drive. An example is a Windows zero-day vulnerability that allows USB malware to run automatically even with Windows AutoRun and AutoPlay disabled.

 

Caution!

1.   Don’t pick up dropped USB drives or plug them into your computer. You could become a victim of a USB drop attack.

2.   Physically block USB ports on sensitive computers, and restrict the types of USB devices authorized, e.g. by using Windows policy or USBkill code on Windows-based systems.

3.   Don’t open unknown files, and don’t give permission to install products that were downloaded when you opened a file on a USB drive or were redirected to a certain site.

4.   Disable AutoRun and AutoPlay on your computer to reduce the possibility of attack.

5.   Ensure your antivirus and anti-spyware are up to date.

6.   Ensure you perform firmware or system updates regularly to avoid system vulnerabilities.

7.   Ensure your real-time system protection is up and running.

8.   Only install trusted software and avoid installing other software offered alongside your intended software.
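
The Windows settings behind tips 2 and 4 can be checked without changing anything. The PowerShell script below is an added example, not part of the KE-CIRT/CC guide; the registry locations are the standard Windows values for AutoRun/AutoPlay and USB storage, and the choice of these five checks is an assumption of the example.

```powershell
# Added example: read-only audit of the Windows settings behind tips 2 and 4.
# It only reads the registry; it never changes a setting.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent (setting not configured).
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$cv = 'Software\Microsoft\Windows\CurrentVersion'
$checks = @(
    @{ Tip = 4; Setting = 'AutoRun/AutoPlay off for all drive types (machine policy)'
       Path = "HKLM:\$cv\Policies\Explorer"; Name = 'NoDriveTypeAutoRun'
       # 0xFF sets one bit per drive type, i.e. every drive type is covered.
       Pass = { param($v) $null -ne $v -and ($v -band 0xFF) -eq 0xFF } }
    @{ Tip = 4; Setting = 'autorun.inf commands not executed (machine policy)'
       Path = "HKLM:\$cv\Policies\Explorer"; Name = 'NoAutorun'
       Pass = { param($v) $v -eq 1 } }
    @{ Tip = 4; Setting = 'AutoPlay off for the current user'
       Path = "HKCU:\$cv\Explorer\AutoplayHandlers"; Name = 'DisableAutoplay'
       Pass = { param($v) $v -eq 1 } }
    @{ Tip = 2; Setting = 'USB mass-storage driver disabled (Start = 4)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'; Name = 'Start'
       Pass = { param($v) $v -eq 4 } }
    @{ Tip = 2; Setting = 'All removable storage denied by policy'
       Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Name = 'Deny_All'
       Pass = { param($v) $v -eq 1 } }
)

$report = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Tip     = $c.Tip
        Setting = $c.Setting
        Value   = if ($null -eq $value) { 'not set' } else { '0x{0:X}' -f $value }
        Status  = if (& $c.Pass $value) { 'OK' } else { 'REVIEW' }
    }
}
$report | Format-Table -AutoSize

# None of these settings stops a device that enumerates as a keyboard (the HID
# attack described earlier); storage policy does not apply to it, which is why
# tip 2 also calls for physically blocking ports on sensitive computers.
```

A row marked REVIEW means the value is absent or differs from the hardened one; on managed machines these values are normally set through Group Policy rather than edited by hand.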

 

Have the above security tips in mind when operating your computer systems. Report any cybercrime incident/activity to incidents@ke-cirt.go.ke / www.ke-cirt.go.ke