Most of us have an altruistic nature and when we find something that doesn’t belong to us – such as a USB flash drive – we tend to want to identify the rightful owner. In the case of the USB flash drive, the only way to do this is to plug in the device into your computer. For everyone else reading these who is more included to say “finders-keepers,” the result is the same – the USB flash drive gets inserted into a USB port.

In either scenario, if that USB flash drive contains malicious software, you’ll have wished you just dumped the device into the trash bin. Consider these two real-life illustrations:

  • In 2020, Trustwave reported that a U.S. hospitality provider was the target of a USB flash drive attack, which occurred after the company received a fake Best Buy gift card in the mail, along with a USB flash drive. The accompanying letter instructed the company that a list of items the gift card could be used for could be accessed on the thumb drive.
  • Security company Kaspersky say crooks secretly planted USB devices on computers at big European banks in 2017 and 2018, causing millions of dollars in damages.

USB Attacks You Never Want to Encounter

If that USB flash drive you insert into your PC does, indeed, contain malware, you will likely be victim of one of four types of attacks launched against the PC – and possibly the network: Malicious code attack, social engineering attack, HID (Human Interface Device) spoofing attack, or – in the worst-case scenario – a Zero Day attack. For more information on these types of attacks, read our blog, The Cybersecurity Dangers of USB Flash Drives.

When it comes to cybersecurity best practices, USB flash drives – as well as other removable media and devices, including external hard drives and smartphones – must only be inserted into your computer if you know and trust the source. Never assume that a found flash drive was actually lost; it may have been planted there by a cyber attacker whose motive is to take down your computer or network and possible hold your data for ransom. Ransomware has become a cottage industry, with experts estimating the cost of such attacks worldwide will go beyond $265 billion in the next decade

Follow These USB Flash Drive Safety Tips

Plugging or inserting only trusted removable media or devices into your computer is the best protection against a USB flash drive attack, but there are six other preventive measures you should also take.

  1. If you haven’t done so already, install and run antivirus software on your computer.
  2. Disable auto-run features on your computer. When auto-run is enabled, programs will automatically run once a device is connected to your computer.
  3. Delete data on your computer, media, or device once its usefulness has expired. Redundancy of data results in more potential risks.
  4. Use a data blocker, which is a physical cybersecurity device that blocks all data connection to a USB port while allowing the port to be used for charging. Our favorite is the Smart Keeper Smart Data Blocker.
  5. Use strong passwords and change them if you ever think they’ve been compromised.
  6. To reduce the temptation of plugging anything into your open USB ports, block access to them with USB port locks. Smart Keeper carriers an entire line of this nifty little devices, starting at two bucks each.