USB Flash Drive Malware

USB Malware

USB drives have been around for over 20 years, offering users a convenient method to store and move files between computers that aren’t digitally connected to each other.

Cyber threat actors have routinely abused this capability with the most famous example being the ‘world’s first digital weapon,’ the Stuxnet worm first discovered back in 2010, which used USB devices to attack the network of an Iranian nuclear facility.

In 2017, a Kaspersky Lab data study revealed that every year around one in four USB users across the globe are affected by a ‘local’ cyber incident. This can refer to breaches that result from viruses that are present on the user’s computer or are introduced by infected removable media.

How Do USB Devices Get Infected with Malware?

It’s possible to come across both unintentional and intentional infection. The Stuxnet worm is an example of the latter, where someone uploads malicious code onto the drive with the intention of filtering the code into the targeted network.

Unintentional infection might occur when someone plugs an unprotected USB into a poorly safeguarded system in an internet cafe, airport or anywhere with poor public endpoint security (which is about 70% of places). You may detect the virus sometime after you’ve plugged the device into your machine, but there’s no telling what damage may have already been done.

How to Defeat USB Drive Malware: Software Security

Write Protectors – If your USB drive doesn’t include a hardware switch for write protection, then you should be using a software write protector, such as USB Write Protect 2.0. A software write protector will effectively prevent any data from being deleted as well as protect the device from malware being written onto your drive.

USB Anti-Virus – If you have write protection enabled, there is still a possibility of contracting a virus when you go to transfer files, so it makes sense to use a decent USB anti-virus such as ClamWin.

Encryption – If you’re looking to protect your privacy by securing your data, you could install an encryption program like VeraCrypt or BitLocker to Windows for password protection on your USB device. This means that even if someone has access to your device, it will make it much harder for them to retrieve sensitive information or hide malicious files inside your existing files and folders.

Protect Your Host Device – If your device is unintentionally infected, you probably won’t know about it immediately. The best thing to do is to protect yourself from the outset by installing software that will inform you if your removable device is infected with malicious malware. USB Firewall will protect your computer from third-party programmes introduced from a USB device by running in the background and informing you of suspicious activity.

Self-Destruct Flash drives, such as Ironkey, will ‘self-destruct’ if the password is entered incorrectly too many times. There are also some flash drives which are configured to delete files after a certain period.

Hardware Encryption – If you need to transfer serious data onto a flash drive, you could opt for a flash drive with 128-bit AES hardware encryption. Hardware encryption is often considered a better option than software encryption since it doesn’t carry the same risk of getting hacked.