Proliferation of BadUSBs threatens the security of organizations
- The cybersecurity company S2 Grupo has explained that this type of device is being used for illicit purposes by individual cybercriminals, cybercriminal groups and insiders.
- Disguised as a simple pen drive or charging cable, they can connect to computers and begin carrying out actions such as installing malware or stealing information, among others.
- S2 Grupo has highlighted 7 recommendations to protect us from BadUSBs and insisted that if we notice that a USB starts executing commands at high speed, it is very likely that we are victims of a cyberattack.
The Valencian company S2 Grupo, which specializes in cybersecurity and critical systems management, has warned that BadUSBs are becoming one of the most widely used techniques for committing cybercrime and infecting companies and organizations with malware.
BadUSBs may look like a simple USB drive or charging cable, for example, but they are actually a hardware board that pretends to be a keyboard when connected to a device. This lets the device type and execute commands at maximum speed without the user noticing. As noted by the experts at S2 Grupo, once connected, it executes scripts (code used to manipulate and automate the facilities of an existing system) as if they were user-entered keystroke sequences. In addition, some models include Wi-Fi capabilities, allowing attackers to control them and upload scripts remotely through a captive web portal.
Through these actions, an attacker can access company information, install malware, execute malicious commands or steal data, among other options, generating serious financial and reputational losses.
"It is very important to keep in mind that BadUSBs are not a problem in themselves because they can be used by IT security professionals for educational purposes or to perform security tests and checks. The problem is not the device, it is the purpose for which it is used and cybercriminals are using it to infiltrate systems and perform illicit actions", said José Rosell, managing partner of S2 Grupo.
Given this situation, the cybersecurity company's team of experts has highlighted the following recommendations to help protect against malicious BadUSBs:
- Disable the auto-run functionality on our devices.
- Use security software that monitors and alerts on suspicious activities.
- Do not connect unknown USB devices.
- Protect computers with passwords and make sure they are locked when not in use.
- Use Endpoint Detection and Response (EDR) solutions that detect anomalous behavior.
- Perform device filtering and keystroke control.
- Educate and train employees or users on the risks associated with the use of unknown USB devices.
"Physically, it is very difficult to distinguish a BadUSB from a regular USB flash drive. In fact, the strength of these devices is that, because they have a 'normal' appearance, it is easier for the user to connect or use them, since the device is identical to any usual cable or pen. However, if we notice that a USB starts executing commands at superhuman speed immediately after being plugged in, it is a major red flag. Although EDR solutions can help in its detection, it is a current problem that needs further study to reduce or minimize its impact", said José Rosell.
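The red flag described above (typing at superhuman speed right after plug-in) can be turned into a simple keystroke-control check. The following is an added example, not code from S2 Grupo or any EDR product; the event format, device names and thresholds are assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from statistics import median

# Assumed thresholds, to be tuned per environment (not taken from the article).
MAX_MEDIAN_GAP_MS = 20    # a median inter-key gap below this is faster than a person types
ATTACH_WINDOW_MS = 2000   # first keystroke this soon after plug-in is suspicious
MIN_KEYS = 10             # too few keystrokes to judge

def build_sample_events():
    """Constructed log of (timestamp_ms, device_id, kind); kind is 'attach' or 'key'."""
    events = [(0, "kbd-office", "attach"), (60_000, "cable-unknown", "attach")]
    t = 8_000
    # Human-looking typing: irregular gaps of roughly 100-300 ms.
    for gap in [180, 140, 220, 95, 310, 160, 130, 240, 175, 150, 205, 120]:
        t += gap
        events.append((t, "kbd-office", "key"))
    # Injection-looking burst: 40 keys, 5 ms apart, 600 ms after plug-in.
    events += [(60_600 + 5 * i, "cable-unknown", "key") for i in range(40)]
    return sorted(events)

def score_devices(events):
    """Return per-device timing metrics and a suspicious/not-suspicious verdict."""
    attach, keys = {}, defaultdict(list)
    for ts, dev, kind in events:
        if kind == "attach":
            attach[dev] = ts
            keys[dev] = []          # a re-plug starts a new observation window
        elif kind == "key":
            keys[dev].append(ts)
    report = {}
    for dev, stamps in keys.items():
        if dev not in attach or len(stamps) < MIN_KEYS:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        med = median(gaps)
        delay = stamps[0] - attach[dev]
        report[dev] = {
            "median_gap_ms": med,
            "first_key_delay_ms": delay,
            # Both conditions must hold: machine-speed typing AND an immediate start.
            "suspicious": med < MAX_MEDIAN_GAP_MS and delay < ATTACH_WINDOW_MS,
        }
    return report

def suspicious_devices(events):
    return sorted(d for d, r in score_devices(events).items() if r["suspicious"])

if __name__ == "__main__":
    for dev, result in score_devices(build_sample_events()).items():
        print(dev, result)
```

Requiring both conditions keeps fast human typists and barcode scanners that sit idle after plug-in from being flagged on speed alone; a device that deliberately slows its typing would evade this check, which is why it complements device filtering rather than replacing it.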
S2 Grupo has pointed out that the profiles that most often use these devices for malicious purposes range from cybercriminals acting individually to groups of cybercriminals and also 'insiders' (disgruntled employees who have confidential company information) who use these tools for revenge or for personal gain.