Home > CAPEC List > CAPEC-457: USB Memory Attacks (Version 2.10)  

CAPEC-457: USB Memory Attacks

 
USB Memory Attacks
Definition in a New Window Definition in a New Window
Attack Pattern ID: 457
Abstraction: Detailed
Status: Draft
Completeness: Hook
Presentation Filter:
+ Summary

An attacker loads malicious code onto a USB memory stick in order to infect any system which the device is plugged in to. USB drives present a significant security risk for business and government agencies. Given the ability to integrate wireless functionality into a USB stick, it is possible to design malware that not only steals confidential data, but sniffs the network, or monitor keystrokes, and then exfiltrates the stolen data off-site via a Wireless connection. Also, viruses can be transmitted via the USB interface without the specific use of a memory stick. The attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals, but suggest state sponsorship.

+ Attack Prerequisites
  • Some level of physical access to the device being attacked.

+ References
[R.457.1] [REF-31] Information Technology Laboratory. "Supply Chain Risk Management (SCRM)". National Institute of Standards and Technology (NIST). 2010.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Updated Description SummaryInternal
More information is available — Please select a different filter.
Page Last Updated or Reviewed: May 01, 2017