CAPEC-449 - Malware Propagation via USB Stick

An attacker loads malicious code onto a USB memory stick in order to infect any supply chain-relevant machine which the device is plugged in to. This initially infected machine could then propagate the infection to products moving through the supply chain process. USB drives present a significant security risk for business and government agencies. Given the ability to integrate wireless functionality into a USB stick, it is possible to design malware that not only steals confidential data, but sniffs the network, or monitor keystrokes, and then exfiltrates the stolen data off-site via a Wireless connection. Also, viruses can be transmitted via the USB interface without the specific use of a memory stick. The attacks from USB devices are often of such sophistication that experts conclude they are not the work of single individuals, but suggest state sponsorship.

Severity

Likelihood

Confidentiality

Integrity

Availability

Access to the system containing the ATA Drive so that the drive can be physically removed from the system.