In this Security Spotlight, we’ll be talking about how you can monitor USB usage using simple Windows logs (MITRE ATT&CK® Technique T0847).
What Threat Do USB Drives Possess?
USB drives, despite their convenience, present a significant threat as a potential vector for malware, leading to data breaches if not appropriately managed. While their portability and widespread usage make them a significant risk across all environments, they stand out as a common attack vector in OT/ICS environments.
The infamous Rubber Ducky exemplifies this risk: masquerading as an innocuous USB device, it empowers attackers to disrupt and exploit compromised systems. Educating end users to avoid picking up random USB drives in parking lots or refrain from blindly trusting USBs borrowed from friends is all well and good. However, even with such precautions, preventative measures, especially education, are never 100% effective.
Malware Risks within USB Drives
The primary source of these risks lies in a USB drive’s ability to easily transport and spread malware. A malicious actor can implant malware into a USB drive. When this infected USB is plugged into an OT/ICS system, it can rapidly spread, disrupting operations and potentially causing data leakage...Read More!
