Skip to main content

Home USB drop attack

USB drop attack

USB drop attack definition

A USB drop attack is a method used by attackers to trick individuals into plugging a malicious USB drive into their computers. This technique is a form of social engineering attack where the attacker relies on the target's curiosity or lack of awareness.

The attacker loads a USB drive with malicious software (malware, spyware, ransomware, etc.) and leaves the USB drive in a public location, such as a parking lot, hallway, or cafeteria. The USB drive may be labeled with something enticing to pique the finder's curiosity. When an unsuspecting person finds the USB drive, they may plug it into their computer to see what's on it. Once the USB drive is connected to the computer, the malicious software can automatically install itself onto the system, compromising the device.

See also: BadUSB, cyberattack

Dangers of a USB drop attack

  • Malware infection. This could be anything from adware that causes annoying pop-ups to spyware that tracks your keystrokes or ransomware that encrypts your files and demands payment for their release.
  • Data theft. Once malware is installed, it could enable the attacker to steal sensitive data from your system. This could include personal information, financial details, or business secrets.
  • System control. Some forms of malware allow the attacker to gain control over your system. They could then use your computer to launch further attacks, use your internet connection for illegal activities, or use your system resources.
  • Network compromise. If your computer is part of a larger network, such as at a workplace, a successful USB drop attack could give the attacker access to the broader network.
  • Destruction of data or system. Certain types of malware, like wipers or destructive ransomware, can cause significant harm by deleting files or making the system unusable.