
CAPEC-457 Detail

USB Memory Attacks

Abstraction: Detailed
Domains: Software, Hardware
Likelihood of Attack: Low
Typical Severity: High

Parents: CAPEC-456

Threats: T79 T287 T337 T391 T406

Description

An adversary loads malicious code onto a USB memory stick in order to infect any system the device is plugged into. USB drives present a significant security risk for businesses and government agencies. Because wireless functionality can be integrated into a USB stick, it is possible to design malware that not only steals confidential data but also sniffs the network or monitors keystrokes, and then exfiltrates the stolen data off-site over a wireless connection. Malware can also be delivered over the USB interface by devices other than memory sticks. Attacks delivered via USB devices are often sophisticated enough that experts conclude they are not the work of single individuals but suggest state sponsorship. These attacks can be carried out by an adversary with direct access to the target system, or indirectly, for example through a USB Drop Attack in which a prepared device is left where a user is likely to find and connect it.


External References (External ID, Source, Link, Description)
  CAPEC-457 (capec): https://capec.mitre.org/data/definitions/457.html
  CWE-1299 (cwe): http://cwe.mitre.org/data/definitions/1299.html
  T1091 (ATT&CK): https://attack.mitre.org/wiki/Technique/T1091 - Replication Through Removable Media
  T1092 (ATT&CK): https://attack.mitre.org/wiki/Technique/T1092 - Communication Through Removable Media
  REF-379 (reference from CAPEC): https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1-draft2.pdf - Jon Boyens, Angela Smith, Nadya Bartol, Kris Winkler, Alex Holbrook, Matthew Fallon, "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (2nd Draft)", 2021-10-28, National Institute of Standards and Technology (NIST)
Execution Flow
Explore
  1. Determine Target System: In certain cases, the adversary explores an organization's network to determine a specific target machine to exploit, based on the information it contains or the privileges its main user may possess.
     Techniques: If needed, the adversary explores an organization's network to determine whether any specific systems of interest exist.

Experiment
  1. Develop or obtain malware and install it on a USB device: The adversary develops or obtains the malicious software needed to exploit the target system and installs it on an external USB device such as a USB flash drive.
     Techniques: The adversary can develop or obtain malware that performs a variety of tasks, such as sniffing network traffic or monitoring keystrokes.

Exploit
  1. Connect, or deceive a user into connecting, the infected USB device: Once the malware has been placed on the external USB device, the adversary connects the device to the target system or deceives a user into connecting it, as in a USB Drop Attack.
     Techniques: The adversary connects the USB device to the chosen target system, or performs a USB Drop Attack and relies on a user finding and connecting the device on their own. Once the device is connected, the malware executes, giving the adversary access to network traffic, credentials, etc.
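The Exploit step ends with the device being connected and the malware running. One place a defender can catch that moment is the host's USB attach events, which on Linux the kernel writes to the system log. The following is an added example for this page, not code from CAPEC or MITRE: it parses constructed kernel log lines, records which interface classes each attached device exposed, and flags mass-storage devices that are not on an assumed allow-list, as well as devices that combine storage with a keyboard or network interface, the kind of "USB stick with extra capabilities" the description warns about. The sample lines, the allow-list and the class heuristics are all assumptions made for the example.

```python
"""Flag suspicious USB attach events in Linux kernel log lines.

Added example for this page (not CAPEC/MITRE code). The log lines, the
allow-list and the class heuristics below are constructed assumptions.
"""
import re
from collections import defaultdict

# Constructed sample kernel log lines. The line shapes follow what the Linux
# usb core, usb-storage, hid and cdc_ether drivers print; the timestamps,
# vendor/product ids and serial numbers are made up for the example.
SAMPLE_LOG = """\
[  100.1] usb 1-1: new high-speed USB device number 4 using xhci_hcd
[  100.2] usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[  100.2] usb 1-1: SerialNumber: 4C530001
[  100.3] usb-storage 1-1:1.0: USB Mass Storage device detected
[  200.1] usb 1-2: new high-speed USB device number 5 using xhci_hcd
[  200.2] usb 1-2: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
[  200.2] usb 1-2: SerialNumber: DEADBEEF
[  200.3] usb-storage 1-2:1.0: USB Mass Storage device detected
[  200.4] input: Generic Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1/input/input9
[  200.5] hid-generic 0003:1234:ABCD.0003: input,hidraw2: USB HID v1.11 Keyboard [Generic Keyboard] on usb-0000:00:14.0-2/input1
[  300.1] usb 1-3: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=30.00
[  300.2] usb-storage 1-3:1.0: USB Mass Storage device detected
[  300.3] cdc_ether 1-3:1.1 eth1: register 'cdc_ether' at usb-0000:00:14.0-3, CDC Ethernet Device, 00:e0:4c:68:00:01
"""

# Constructed allow-list of (idVendor, idProduct) pairs the organisation has
# approved; in practice this would come from an asset inventory.
ALLOWLIST = {("0781", "5567")}

DEVICE_RE = re.compile(
    r"usb (?P<port>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-fA-F]{4}), idProduct=(?P<pid>[0-9a-fA-F]{4})")
SERIAL_RE = re.compile(r"usb (?P<port>\d+-[\d.]+): SerialNumber: (?P<serial>\S+)")
# Interface references look like "<bus>-<port>:<config>.<interface>", e.g. 1-2:1.1
IFACE_RE = re.compile(r"(?P<port>\d+-[\d.]+):\d+\.\d+")
# Driver names that reveal which kind of interface a device exposed (assumed set).
CLASS_HINTS = (
    (re.compile(r"\busb-storage\b"), "storage"),
    (re.compile(r"\binput:|\bhid-generic\b"), "hid"),
    (re.compile(r"\b(cdc_ether|cdc_ncm|rndis_host)\b"), "net"),
)


def parse_usb_events(log_text):
    """Group kernel log lines by USB port path and record the device ids,
    serial number and the interface classes that drivers bound to."""
    devices = defaultdict(lambda: {"vid": None, "pid": None, "serial": None, "classes": set()})
    for line in log_text.splitlines():
        if m := DEVICE_RE.search(line):
            dev = devices[m["port"]]
            dev["vid"], dev["pid"] = m["vid"].lower(), m["pid"].lower()
            continue
        if m := SERIAL_RE.search(line):
            devices[m["port"]]["serial"] = m["serial"]
            continue
        for hint, cls in CLASS_HINTS:
            if hint.search(line):
                # Only lines that name an interface (port:config.iface) can be
                # attributed to a device; a bare hid-generic line is skipped.
                if m := IFACE_RE.search(line):
                    devices[m["port"]]["classes"].add(cls)
                break
    return dict(devices)


def assess(devices, allowlist):
    """Return findings for mass-storage devices that are not approved and for
    devices that combine storage with a keyboard or network interface."""
    findings = []
    for port, dev in sorted(devices.items()):
        classes = dev["classes"]
        if "storage" not in classes:
            continue
        base = {"port": port, "id": f"{dev['vid']}:{dev['pid']}", "serial": dev["serial"]}
        if (dev["vid"], dev["pid"]) not in allowlist:
            findings.append({**base, "severity": "medium",
                             "reason": "mass storage device not on allow-list"})
        extra = classes & {"hid", "net"}
        if extra:
            findings.append({**base, "severity": "high",
                             "reason": "storage device also exposes " + ", ".join(sorted(extra))})
    return findings


if __name__ == "__main__":
    for f in assess(parse_usb_events(SAMPLE_LOG), ALLOWLIST):
        print(f"{f['severity']:6} {f['port']:5} {f['id']} serial={f['serial']} {f['reason']}")
```

Feed it the output of `journalctl -k` or `dmesg` to run it against a real host. Two caveats: the vendor/product ids the allow-list keys on are reported by the device itself, so a purpose-built malicious device can present any pair it likes, which is why the second check (storage plus keyboard or network interface on one device) is the more useful signal; and on a locked-down host the right control is to refuse to bind usb-storage at all rather than to alert after the mount has happened.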
Prerequisites
  1. Some level of physical access to the device being attacked.
  2. Information pertaining to the target organization on how to best execute a USB Drop Attack.
