Introduction – why USB security still matters
Remember when USB drives were simply a way to shuffle your files from one computer to another? Today those tiny plastic sticks and cables are a serious security concern. Honeywell’s 2024 USB Threat Report found that removable media were used in more than half of targeted malware attacks; about 51 % of malware attacks are designed for USB devices, a six‑fold increase compared with 2019. The same report noted that 31 % of industrial malware incidents specifically targeted control systems via USB media, and 82 % of malware samples could disrupt operations. Attackers recognise that busy professionals often trust a USB stick handed to them at a conference or plug into a public charging port without thinking twice. In 2023 the FBI even warned people to avoid public charging stations, because compromised ports can inject malware into phones or laptops. As threat actors like China’s Camaro Dragon and Russia’s Gamaredon exploit USB drives to infiltrate organisations, USB security has become a frontline issue for individuals and businesses alike.
This guide demystifies USB threats in 2025, from BadUSB firmware hacks to lost drives. You’ll learn how these attacks work, why they’re so effective and, more importantly, how to counter them with practical steps. We’ll also cover robust solutions such as NewSoftwares’ USB Secure and USB Block, and we’ll finish with answers to common questions. By the end, you’ll be able to safeguard your data without becoming paranoid.
2025 update – the problem isn’t going away
Honeywell’s latest report on operational‑technology (OT) cybersecurity provides sobering numbers for 2025. In the first quarter of 2025 the company’s Secure Media Exchange (SMX) platform detected 1,826 unique USB threats, including 124 never‑before‑seen malware families, demonstrating that adversaries continue to innovate. Honeywell’s incident response team noted that one out of every four incidents they handled involved a USB plug‑and‑play event, and they saw a 3,000 % increase in detections of the W32.Ramnit worm compared with the previous quarter. Ransomware remains a major risk: researchers recorded 2,472 potential ransomware attacks in Q1 2025, representing 40 % of 2024’s annual total. These statistics highlight that USB threats remain pervasive and that many incidents begin with a simple act of plugging in a drive.
The threat landscape is also evolving in sophistication. State‑aligned groups are now developing geofenced USB worms that only execute in specific regions, while AI‑driven BadUSB devices can analyse a host environment and craft a customised payload on the fly. The following sections explore how these modern attacks work and how to defend against them.
How attackers weaponise USB devices
Keystroke‑injection (Rubber Ducky) attacks
A malicious USB device doesn’t always pretend to be a storage drive. In a keystroke‑injection attack, a device behaves like a keyboard and rapidly executes commands when plugged in. The Coro cybersecurity blog notes that attackers preload these devices with scripts that execute upon insertion, allowing them to run commands or install malware. This class of attack is often associated with “Rubber Ducky” devices, which look like ordinary USB sticks but emulate a human interface device. Redmondmag explained that these devices can simulate keyboard input to bypass monitoring software and plant malware. Because the operating system trusts HID devices, keystroke‑injection attacks can evade traditional antivirus solutions.
Mitigations
- Disable or restrict HID class devices. Many endpoint security suites allow administrators to block new HID devices by default. Only approved keyboards and mice should be permitted.
- Educate employees about the dangers of plugging in unknown devices. User awareness is still one of the most effective defences.
- Use port‑control software such as USB Block. These tools prompt for a password when a new device is connected and allow only whitelisted devices.
BadUSB and firmware reprogramming
Unlike simple keystroke emulation, BadUSB attacks modify the firmware of a USB device itself. The DataLocker blog describes how attackers alter the firmware of USB devices to insert malicious code or change their behaviour. Because firmware is executed at a low level, these devices can impersonate keyboards, network adapters or other peripherals, making detection difficult. Coro’s article notes that compromised USB devices may perform keystroke logging or spread malware when plugged into a system.
In 2021 the FBI observed the FIN7 criminal group sending packages containing an Amazon gift card and a USB stick labelled “LilyGO.” When inserted, the device automatically injected keystrokes to download and run malware, leading to ransomware deployment. These BadUSB devices demonstrate how a seemingly innocent promotional gift can compromise an entire network.
Mitigations
- Purchase hardware from reputable vendors. Avoid unknown brands or devices provided as gifts unless you can verify their origin.
- Disable automatic driver installation. Configure systems to ask for approval before new hardware drivers are installed.
- Endpoint security and device control. Tools such as USB Block log all USB activity and prompt for authorisation, preventing a compromised device from running silently.
- Use encrypted USB drives with tamper‑evident firmware. FIPS‑certified drives offer cryptographically signed firmware, making reprogramming difficult.
USB drop attacks and social engineering
Attackers sometimes rely on human curiosity instead of technical wizardry. In a USB drop attack, they scatter infected USB drives in public places or mail them to targets. According to Coro, unsuspecting users pick up these drives and insert them, executing malware that compromises their system. The DataLocker article notes that attackers disguise drives as lost items, exploiting the innate urge to investigate a found object.
Mitigations
- Strict USB policies. Only authorised drives should be used inside an organisation. Unknown drives should be handed to IT for inspection.
- Disable AutoRun. On Windows, disable the AutoRun feature to prevent immediate execution of malicious programs.
- Educate users. Encourage staff to report suspicious USB devices instead of plugging them in.
Lost drives and data breaches
Not all USB incidents stem from attackers. Losing an unencrypted USB stick can be just as damaging. Personal data, customer information or proprietary documents stored on an unprotected drive can be easily accessed by whoever finds it. By some estimates, mislaid USB drives are involved in thousands of data breaches each year. The DataLocker article emphasises that encrypted USB devices ensure sensitive data remains protected even if the device is lost or stolen. USB Secure from NewSoftwares (https://www.newsoftwares.net/) goes a step further by letting you add lost‑and‑found contact information on the drive so a finder can return it.
Mitigations
- Encrypt drives. Use built‑in tools like BitLocker (Windows) or FileVault (macOS) to encrypt entire USB drives. Alternatively, use portable encryption software such as USB Secure.
- Label drives with contact info. Include a return address or phone number on the drive or within USB Secure’s lost‑and‑found feature.
- Adopt a data‑minimisation policy. Never store sensitive data on portable media unless absolutely necessary. Use secure cloud storage or VPNs to transfer files instead.
USB killers and power‑surge attacks
“USBKillers” are devices that store electrical charge in capacitors and then discharge it back into a computer’s port, destroying hardware. Redmondmag reports that these small devices use the USB 5‑volt supply to accumulate a high voltage, which they send back to the target system, rendering it inoperable. While less common than malware‑based threats, these attacks can permanently damage valuable equipment.
Mitigations
- Avoid unknown USB cables or charging ports. Do not borrow random chargers or cables; supply your own.
- Physical port blockers. Use inexpensive plastic port covers to prevent unauthorised devices from being inserted.
Juice‑jacking at public charging stations
When you plug a phone into a public charging station or someone else’s laptop, you’re not just drawing power; you’re also establishing a data connection. This opens the door for juice‑jacking – attackers compromise charging ports to install malware or steal data. The FBI cautioned against using public charging stations because they might be “compromised by bad actors”. Modern mobile operating systems have started mitigating this: the latest versions of Android disable data transfer by default when charging via USB.
Mitigations
- Use a USB data‑blocking adapter (sometimes called a “USB condom”) that allows only power lines through and blocks data pins.
- Charge from AC outlets with your own wall adapter and cable whenever possible.
- Disable data transfer on your phone when using an unfamiliar computer or charger (both iOS and Android provide options for “charge only”).
Emerging malware campaigns and AI‑augmented USB threats
Attackers continue to innovate with both malware families and cutting‑edge hardware. This section first introduces high‑profile campaigns that spread via removable media and then explores the rise of AI‑enabled devices and geofenced worms.
The classic autorun virus that automatically executed a file from a flash drive is largely extinct, but it has been replaced by far more sophisticated techniques. In 2025 security researchers warn that attackers are blending hardware hacking with artificial intelligence to create BadUSB devices that behave like intelligent agents. An August 2025 analysis explains that these AI‑augmented devices can profile the target system, execute fileless attacks in memory and wipe their own tracks, making them extremely difficult to trace. Unlike a static autorun malware that stored malicious binaries on the drive, a modern BadUSB is essentially a tiny computer that pretends to be a keyboard, injects keystrokes and tailors its payload based on what it discovers.
Attackers are also taking advantage of geofencing. IBM’s X‑Force team recently uncovered SnakeDisk, a USB worm deployed by the China‑aligned Mustang Panda group. This worm executes only on devices with IP addresses from Thailand and stealthily moves files on the USB drive into a sub‑directory before delivering the Yokai backdoor. By detecting new devices and seeding them with a disguised executable, the worm spreads to additional systems when the infected drive is plugged in elsewhere. The targeted nature of this attack underscores that nation‑state actors are refining USB malware to hit specific regions or industries.
How AI‑augmented BadUSB attacks work
Modern BadUSB attacks operate in stages. First, the attacker physically delivers the device — it may be dropped in a parking lot or mailed as a promotional gift. Once plugged in, the device announces itself as a keyboard or combination peripheral, bypassing software that blocks storage drives. It then runs a reconnaissance script entirely in memory, gathering information about the operating system, logged‑in user and security tools. Based on this context, the on‑board AI chooses the most effective payload, injects keystrokes to execute commands and establishes a command‑and‑control channel. Finally, it cleans up by deleting command history and other forensic artefacts. The device can even change its hardware ID to appear as different peripherals, further confusing investigators.
Why these attacks are hard to trace
AI‑augmented USB attacks evade detection through multiple mechanisms. They rely on fileless in‑memory execution, leaving no malware files on disk. Their polymorphic payloads differ for each target, meaning there is no single hash or signature to look for. The devices perform context‑aware anti‑forensic cleanup, selectively deleting just the logs and command histories they created. Because the operating system inherently trusts hardware, endpoint detection and response (EDR) agents often cannot distinguish between a real keyboard and a malicious one.
Defensive strategies
Defending against AI‑augmented USB threats requires multiple layers. The first is strict device control: implement policies that block all unauthorised USB devices and only allow whitelisted hardware IDs. Solutions like USB Block help enforce this by prompting for a password whenever a new device connects and by maintaining an authorised list. The second layer is advanced behavioural analytics in endpoint detection products. Modern EDR systems can recognise impossibly fast typing or command execution without a corresponding mouse action and flag this as anomalous HID behaviour. Third, organisations should centralise logging so that even if a device clears local logs, a copy remains off the endpoint for forensic review. Finally, continuous security awareness training is essential: employees must know never to plug in unsolicited devices.
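The "impossibly fast typing" check described above, as an added example that is not part of the original article or of any EDR product: it flags keystroke bursts whose gaps are both too short and too uniform to be human, and reports how soon after enumeration the burst began. The event format, the device names and every threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import median, pstdev

# Assumed thresholds for illustration; tune them against your own baselines.
MIN_BURST_KEYS = 20       # ignore short runs (shortcuts, a few repeated keys)
MAX_MEDIAN_GAP_MS = 15.0  # sustained gaps this short are beyond human typing
MAX_JITTER_MS = 3.0       # scripted input has almost constant spacing
BURST_BREAK_MS = 500.0    # a pause this long ends a burst


@dataclass
class Finding:
    device_id: str
    start_ms: float
    keys: int
    median_gap_ms: float
    jitter_ms: float
    seconds_since_attach: float


def split_bursts(timestamps):
    """Split sorted key-down timestamps into bursts separated by long pauses."""
    bursts, current = [], []
    for ts in timestamps:
        if current and ts - current[-1] > BURST_BREAK_MS:
            bursts.append(current)
            current = []
        current.append(ts)
    if current:
        bursts.append(current)
    return bursts


def detect_injection(events, attach_times):
    """events: iterable of (device_id, timestamp_ms) key-down events.
    attach_times: device_id -> timestamp_ms at which the device enumerated.
    Returns a Finding for every burst that looks machine-generated."""
    per_device = {}
    for device_id, ts in events:
        per_device.setdefault(device_id, []).append(ts)

    findings = []
    for device_id, stamps in per_device.items():
        stamps.sort()
        for burst in split_bursts(stamps):
            if len(burst) < MIN_BURST_KEYS:
                continue
            gaps = [b - a for a, b in zip(burst, burst[1:])]
            med, jitter = median(gaps), pstdev(gaps)
            # Both conditions must hold: a held key repeats uniformly but
            # slowly, and a fast human typist is never this regular.
            if med <= MAX_MEDIAN_GAP_MS and jitter <= MAX_JITTER_MS:
                attached = attach_times.get(device_id, burst[0])
                findings.append(Finding(
                    device_id, burst[0], len(burst), med, jitter,
                    (burst[0] - attached) / 1000.0,
                ))
    return findings


def constructed_sample():
    """Constructed events: one human-operated keyboard, one injecting device."""
    human_gaps = [120, 95, 210, 140, 180, 88, 300, 110]
    events, t = [], 10_000
    for i in range(40):
        events.append(("HID-KBD-A", t))
        t += human_gaps[i % len(human_gaps)]
    attach = {"HID-KBD-A": 0, "HID-KBD-B": 60_000}
    # Device B starts "typing" 0.8 s after enumeration, one key every 5 ms.
    events += [("HID-KBD-B", 60_800 + 5 * i) for i in range(60)]
    return events, attach


if __name__ == "__main__":
    sample_events, sample_attach = constructed_sample()
    for f in detect_injection(sample_events, sample_attach):
        print(f"{f.device_id}: {f.keys} keys, median gap {f.median_gap_ms} ms, "
              f"{f.seconds_since_attach:.1f} s after attach")
```

Forward the raw events to central logging before scoring them, so the evidence survives if the endpoint's local history is cleared.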
Comparing classic and AI‑augmented USB threats
Attack type | Mechanism | Detection difficulty | Recommended defences |
Classic autorun malware | Stores malicious files on the drive; leverages AutoRun.inf to execute when inserted. | Moderate – antivirus signatures can detect known malware; disabling AutoRun mitigates it. | Disable AutoRun, use antivirus, encrypt data on the drive. |
Keystroke‑injection (Rubber Ducky) | Emulates a keyboard and executes hard‑coded commands quickly. | Harder – commands appear as legitimate keystrokes; no files on disk. | Block new HID devices by default, implement port‑control software, educate users. |
BadUSB firmware hack | Reprograms USB firmware to impersonate other devices or run malware. | High – firmware-level changes are invisible to software; can bypass OS checks. | Use trusted hardware, block unknown devices, apply firmware updates, employ port‑control tools. |
AI‑augmented BadUSB | Uses on‑board AI to profile environment, run fileless attacks and erase evidence. | Very high – no static signature, polymorphic payloads, anti‑forensic behaviour. | Enforce strict device control, deploy behavioural EDR, centralise logging, train users, and consider physically blocking USB ports. |
Notable malware campaigns and worm evolution
In recent years, multiple malware families have leveraged USB media to infiltrate industrial and enterprise networks:
- SOGU – part of the TEMP.Hex espionage arsenal, SOGU uses infected flash drives to steal sensitive documents and credentials.
- SNOWYDRIVE – a campaign targeting energy and oil companies in Asia; it installs a backdoor via USB and can spread laterally across OT networks.
- WispRider – a worm capable of jumping between air‑gapped systems using USB devices, highlighting that physical separation alone is not enough.
- W32.Ramnit resurgence – Honeywell observed a 3,000 % spike in detections of the Ramnit worm on industrial networks in early 2025. Ramnit, originally tied to banking fraud, now propagates via USB and remains effective because older vulnerabilities remain unpatched.
- Raspberry Robin – once a simple USB‑propagating worm, it has evolved into an elite initial access broker. Early campaigns used .LNK shortcuts disguised as folders, which launched the malware via cmd.exe and msiexec.exe. By 2024–2025 the operators diversified their distribution methods (phishing emails, malvertising and trusted cloud services) while still monitoring removable drives to infect new hosts. Security researchers recommend disabling AutoRun and restricting USB devices to counter this worm.
- SnakeDisk – a geofenced USB worm used by the Mustang Panda threat actor. It runs only on devices with Thailand‑based IP addresses and hides the victim’s files in a sub‑folder while dropping the Yokai backdoor. SnakeDisk demonstrates that state‑sponsored actors are customising USB worms for specific regions.
These campaigns, alongside new AI‑augmented attacks, show that removable media remains a preferred vector for espionage, ransomware and reconnaissance. Controlling USB ports and encrypting drives is therefore a non‑negotiable practice.
Essential USB security practices for 2025
USB threats span multiple categories, but most mitigations fall into a few core practices. The following best‑practice list synthesises advice from Honeywell’s report, DataLocker’s security recommendations and various security experts.
- Implement endpoint security and port control – Deploy software that monitors, logs and controls what devices can connect to endpoints. Coro recommends using endpoint security solutions that detect and block malicious devices and activities.
- Educate employees and contractors – Training should cover the risks of unknown USB devices, social engineering and safe charging practices. DataLocker’s blog stresses that awareness remains a critical defence.
- Disable AutoRun/AutoPlay – Windows systems should disable automatic execution of software from removable media, which helps prevent malware from running unnoticed.
- Keep systems updated – Regularly patch operating systems and firmware to close vulnerabilities that attackers could exploit via USB.
- Use encrypted USB devices – Encrypted drives protect data at rest. FIPS 140‑2 compliant drives provide tamper‑resistant firmware and strong encryption.
- Whitelist trusted devices – Accept only approved USB devices. Use solutions like USB Block to maintain an authorised list and require a password for anything new.
- Monitor and audit USB activity – Maintain logs of all USB connections and file transfer attempts. If an unauthorised attempt occurs, investigate promptly.
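One way to apply the "whitelist trusted devices" and "monitor and audit" items together, as an added example that is not code from USB Block or any other product named in this article. It evaluates Windows-style device instance IDs against an allowlist pinned to individual serial numbers and to the interface classes each unit is expected to expose; the allowlist, IDs and connection records are constructed, and treating an ID part containing "&" as "no serial reported" is an assumption about how Windows generates such IDs.

```python
import re

# Windows-style USB instance ID: USB\VID_vvvv&PID_pppp\<serial or OS-generated ID>
INSTANCE_ID = re.compile(
    r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})\\(.+)$", re.IGNORECASE
)

# USB base class codes (assigned by the USB-IF)
CDC, HID, MASS_STORAGE = 0x02, 0x03, 0x08
CLASS_NAMES = {CDC: "communications/network", HID: "HID", MASS_STORAGE: "mass storage"}

# Constructed allowlist: (VID, PID, serial) -> classes that unit may expose.
ALLOWLIST = {
    ("1111", "0001", "KB0000000042"): {HID},
    ("2222", "0002", "AA11BB22CC33"): {MASS_STORAGE},
}


def parse_instance_id(instance_id):
    """Return (vid, pid, serial, has_serial) or None if the ID is malformed."""
    m = INSTANCE_ID.match(instance_id)
    if not m:
        return None
    vid, pid, serial = (g.upper() for g in m.groups())
    # Assumption: an '&' in this field marks an OS-generated ID, i.e. the
    # device reported no serial number and cannot be pinned per unit.
    return vid, pid, serial, "&" not in serial


def evaluate(instance_id, interface_classes, allowlist=ALLOWLIST):
    """Return (verdict, reasons); verdict is 'allow', 'review' or 'block'."""
    parsed = parse_instance_id(instance_id)
    if parsed is None:
        return "block", ["unparseable instance ID"]
    vid, pid, serial, has_serial = parsed
    classes = set(interface_classes)

    expected = allowlist.get((vid, pid, serial))
    if expected is not None:
        extra = classes - expected
        if extra:
            names = ", ".join(sorted(CLASS_NAMES.get(c, hex(c)) for c in extra))
            # IDs are self-reported by the device, so a known identity with
            # new capabilities is treated as spoofed or reprogrammed.
            return "block", [f"allowlisted identity exposes unexpected class: {names}"]
        return "allow", []

    if (vid, pid) in {(v, p) for v, p, _ in allowlist}:
        reasons = ["approved model, but this unit's serial is not enrolled"]
        if not has_serial:
            reasons.append("device reports no serial number")
        return "review", reasons

    reasons = ["device is not on the allowlist"]
    if HID in classes:
        reasons.append("new HID interface: can inject keystrokes")
    if HID in classes and classes & {CDC, MASS_STORAGE}:
        reasons.append("composite device combines HID with storage or network")
    return "block", reasons


def audit(records):
    """records: iterable of (instance_id, interface_classes).
    Returns every non-allowed connection for the central audit log."""
    out = []
    for instance_id, classes in records:
        verdict, reasons = evaluate(instance_id, classes)
        if verdict != "allow":
            out.append((instance_id, verdict, reasons))
    return out


# Constructed connection records
SAMPLE_RECORDS = [
    (r"USB\VID_2222&PID_0002\AA11BB22CC33", [MASS_STORAGE]),
    (r"USB\VID_2222&PID_0002\AA11BB22CC33", [MASS_STORAGE, HID]),
    (r"USB\VID_2222&PID_0002\ZZ99ZZ99ZZ99", [MASS_STORAGE]),
    (r"USB\VID_9999&PID_0001\5&1A2B3C&0&2", [HID, MASS_STORAGE]),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_RECORDS):
        print(row)
```

Because vendor, product and serial values are reported by the device itself, an allowlist match is a filter rather than proof of identity, which is why the class check and the audit trail matter.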
Why NewSoftwares’ USB Secure and USB Block are standout solutions
NewSoftwares offers two complementary tools: USB Secure, which encrypts and password‑protects the contents of USB drives, and USB Block, which controls which devices can connect to your computer. Both are designed for Windows environments and provide user‑friendly interfaces.
USB Secure – robust encryption for portable drives
USB Secure lets you protect data on a USB drive with a strong password without installing software on every host computer. According to FileHorse, the program hides all data on the drive and renders it “delete‑proof,” unlocking your files only when you enter the correct password. It uses 256‑bit AES encryption to secure entire drives or specific folders and works on FAT/FAT32/NTFS file systems. Importantly, the tool can be installed directly on the USB drive, so it doesn’t require admin rights on the host computer. FileHorse notes that USB Secure is available as a free trial with feature limitations and a paid version priced around $29.95 per licence, making it an affordable option for individuals and small businesses.
Key features
- Plug‑and‑play protection – When you insert a protected drive, USB Secure automatically prompts for the password before granting access.
- Virtual drive option – You can open locked files in a virtual drive rather than fully decrypting them, reducing the risk of data corruption if the drive is removed abruptly.
- Lost‑and‑found information – The software lets you embed contact details on the drive, enabling a finder to return it if lost.
- Auto‑lock and idle‑timeout – Protected data automatically locks when the drive is unplugged or idle for a specified period.
- Virtual keyboard – To thwart keyloggers, USB Secure includes an on‑screen keyboard for entering your password.
- Password recovery – If you forget your password, the program offers a recovery mechanism provided you’ve set security questions.
USB Secure is available as a free trial, allowing you to test its capabilities with limited file sizes, and a paid version costs about $29.95. Licensing discounts are offered for multiple devices, making it cost‑effective for small organisations.
How to use USB Secure
- Insert your USB drive. Launch USB Secure from the drive or download it from NewSoftwares’ site.
- Create a master password and optionally set up security questions for password recovery.
- Select the drive or folders you wish to protect and click Protect to encrypt them.
- Accessing your data – To unlock, insert the drive, launch the app and enter your password. You can either open the files in a virtual drive or unlock them completely.
With these steps, even if you drop your flash drive in a coffee shop, whoever finds it will see nothing without your password and cannot delete or format the protected data.
USB Block – device control and data‑leak prevention
USB Block focuses on controlling which USB devices can access your computer and logs all connection attempts. NewSoftwares’ blog explains that the program prompts for a password whenever an unauthorised device connects, ensuring your data remains secure. Trusted devices can be added to an authorised list, exempting them from the password prompt. The software blocks USB devices by default and lets you customize which device types are allowed.
FileHorse’s review highlights several advanced features: device whitelisting, data‑leak prevention, password protection, stealth mode and activity monitoring. Stealth mode hides the program from the system tray and task manager so attackers cannot easily disable it. Centralised control allows administrators to manage USB policies across multiple machines.
How to configure USB Block
- Download and install USB Block from NewSoftwares and run the installer.
- Set a password when prompted. This password will be required to approve new devices.
- Launch the Control Centre and navigate to the Control Center tab. Here you can manage devices you do not trust.
- Default blocking – The program blocks all USB devices and ports by default. You can deactivate this feature or configure custom blocking for specific device types (e.g. only block external hard drives or smartphones).
- Add trusted devices by plugging them in and selecting Remember (add to Authorised List) on the password prompt. Once whitelisted, these devices will not prompt for a password.
- Block non‑system drives – Use the “Block Non‑System Drives” option to prevent access to non‑system partitions.
- Enable stealth mode and hack monitoring – In program options you can hide USB Block’s interface and log invalid password attempts or uninstall attempts.
Why USB Block stands out
The 2025 update of USB Block adds several powerful features:
- Granular device control – You can block not only USB drives but also ports, disc drives, Blu‑ray discs and other removable media.
- Data leakage management console – A dashboard that shows attempted file transfers and blocked devices, helping security teams analyse potential leaks.
- Encrypted password creation – Strong, 256‑bit encrypted passwords protect the control console from tampering.
- Hack attempt monitoring – The program logs and alerts administrators if someone enters the wrong password or tries to bypass the software, giving visibility into attempted intrusions.
- Stealth mode – Hides itself from the system tray and Task Manager so that attackers cannot easily disable it.
- Trusted device exemption – Once whitelisted, devices bypass the password prompt, making day‑to‑day use frictionless.
- Non‑system drive blocking – Protects additional partitions and removable drives, preventing data exfiltration from secondary internal drives.
- Centralised management and reporting – Administrators can apply policies across an organisation and view comprehensive reports on USB usage.
- Cross‑device compatibility – Supports all popular drives and devices (flash drives, external HDDs, SD cards, phones) while running in Safe Mode.
- Lightweight and user friendly – The software is easy to configure, with an intuitive interface; however, the UI could benefit from a makeover.
USB Block is priced at about $49.95, a modest one‑time cost compared with enterprise device‑control solutions. The downside is that it runs only on Windows; macOS or Linux environments will need alternative solutions. Overall, USB Block remains a strong contender for small businesses and individuals seeking robust port control without enterprise complexity.
Together, USB Secure and USB Block form a comprehensive defence: encrypted storage plus strict port control. Their combination stops data leakage if a drive is lost and prevents malicious devices from interacting with your systems.
Alternative methods for securing USB data
While NewSoftwares’ tools provide convenient solutions, there are several other methods to secure USB drives. Below is a comparison table summarising common approaches.
Method | Key features | Suitable for |
BitLocker (Windows) | Built‑in full‑disk encryption for removable drives; integrates with OS; supports hardware TPM for key storage; user must remember password or recovery key. | Windows users needing free encryption and comfortable managing recovery keys. |
FileVault (macOS) | Full‑disk encryption for macOS; protects USB drives when used in combination with encrypted disk images; simple user interface. | Mac users looking for integrated solutions. |
Dedicated encrypted drives | Hardware‑encrypted drives (FIPS 140‑2 compliant) with keypad or biometric unlock; tamper‑resistant firmware. | High‑security environments and regulated industries. |
Open‑source tools (VeraCrypt/Rohos) | Create encrypted containers on USB drives; cross‑platform; free; requires installation on host. | Privacy enthusiasts comfortable with configuration and carrying software with the drive. |
USB port blockers | Physical plastic covers that prevent devices from being inserted; inexpensive. | Environments where physical port access must be restricted. |
Tutorial: Encrypting a USB drive with BitLocker
- Insert the USB drive into a Windows machine running Windows 10 or newer. Right‑click the drive in File Explorer and select Turn on BitLocker.
- Choose how to unlock – you can use a password or a smart card. Select a strong passphrase.
- Select encryption mode – for removable drives, choose Compatible mode so the drive can be used on older systems.
- Save your recovery key in a safe location. This is crucial if you forget the password.
- Start encryption. Wait until the process completes before removing the drive.
BitLocker provides strong encryption but doesn’t control which devices can connect to your computer. Combining it with port‑control software such as USB Block offers layered protection.
Tutorial: Using an encrypted hardware drive
- Purchase a FIPS‑certified drive from a reputable vendor. Many models include a keypad for entering a PIN.
- Set a PIN following the manufacturer’s instructions. Use a number you’ll remember but that isn’t easily guessable.
- Copy data to the drive normally. The encryption happens transparently on the hardware.
- Eject and unplug the drive when not in use. If someone finds it, the data remains inaccessible without the correct PIN.
Hardware encryption eliminates software dependence and ensures the drive’s firmware is tamper‑resistant. However, it doesn’t help if an attacker plugs a BadUSB device into your computer – you still need port protection.
Troubleshooting common USB security issues
Even with the right tools, you may encounter problems. Here are some common issues and how to resolve them.
BitLocker won’t enable on a USB drive
- Drive formatted as FAT32? BitLocker requires NTFS for some features. Reformat the drive (after backing up data) as NTFS.
- Group policy restrictions – In corporate environments administrators may have disabled BitLocker. Ask IT for assistance.
- TPM requirements – Although removable drives don’t need a TPM, your system may still enforce policy. Use the “password only” option if TPM is unavailable.
USB Block or Secure isn’t working
- Forgotten password – For USB Secure, use the built‑in password recovery provided you set security questions. For USB Block, the only recovery is using the master key provided with your licence; contact NewSoftwares support if lost.
- Device not blocking – Ensure USB Block is running in the background. In stealth mode it may be hidden; use the hotkey specified during installation to bring up the interface.
- Trusted devices still prompt – Double‑check that they are in the authorised list. Reconnect the device and select Remember on the prompt.
Encrypted drive won’t open on another computer
- No software installed – Some tools require their software to be installed on the host. USB Secure avoids this by residing on the drive itself, but tools like VeraCrypt do not. Install the necessary software or choose a portable encryption solution.
- Operating‑system compatibility – USB Secure works only on Windows. For macOS or Linux, use cross‑platform encryption such as VeraCrypt.
Unexpected password prompts from port blockers
- Firmware update required – After major OS updates, device‑control software sometimes needs an update to recognise new device identifiers. Check the vendor’s website.
- Multiple admins – On multi‑user machines, ensure that other accounts aren’t modifying USB policies behind your back. Use centralised management to maintain consistency.
Frequently asked questions
- Are USB attacks really still happening in 2025? Yes. Honeywell’s latest OT cybersecurity report detected 1,826 unique USB threats in Q1 2025, including 124 never‑before‑seen malware families, and their incident response team handled USB plug‑and‑play events in one out of every four incidents. More than half of the malware detected by Honeywell in 2024 targeted USB devices. Groups like Camaro Dragon, Gamaredon and Mustang Panda continue to exploit removable media.
- What is a Rubber Ducky attack? It’s a keystroke‑injection attack where a USB device acts like a keyboard and runs commands on a target system. These devices can bypass monitoring software and plant malware.
- How does a BadUSB device work? A BadUSB attack involves rewriting the firmware of a USB device. When plugged in, the device can emulate another peripheral or run malicious code. The FBI observed FIN7 using BadUSB devices disguised as Amazon gift cards to inject malware.
- What is a USB drop attack? Attackers leave infected USB drives in public spaces or mail them to targets. Unsuspecting users pick them up and plug them in, executing malware.
- Is juice‑jacking a real threat? While there haven’t been many public cases, the FBI and security experts warn that compromised charging ports can steal data or install malware. Newer Android versions disable data transfer by default when charging.
- Does encryption prevent firmware attacks? Encryption protects the data stored on a drive but does not stop a USB device from acting maliciously via its firmware. To mitigate firmware attacks, use trusted hardware and port‑control tools like USB Block.
- Can I use USB Secure on macOS or Linux? No. USB Secure is designed for Windows and isn’t compatible with Mac or Linux. Use cross‑platform encryption tools like VeraCrypt or hardware‑encrypted drives instead.
- What happens if I lose my USB Secure password? If you set up security questions during installation, you can recover your password. Without recovery questions, your data may be permanently inaccessible.
- How do AI‑augmented BadUSB attacks work, and how can I defend against them? AI‑augmented devices are tiny computers that act like keyboards. They profile the host, run fileless attacks in memory and delete their tracks. To defend against them, enforce strict device control (whitelisting hardware IDs), deploy behavioural EDR that can detect anomalous typing speeds and centralise logging so that tampering can be detected.
- Do I need both USB Secure and USB Block? Using both offers layered security: USB Secure protects the data on the drive, while USB Block prevents unauthorised devices from connecting to your computer. Together, they protect against lost drives and malicious devices.
- Are hardware‑encrypted drives better than software solutions? Hardware encryption is tamper‑resistant and doesn’t rely on host software; however, it can be more expensive and doesn’t control which devices can access your computer. Combining hardware‑encrypted drives with USB Block provides strong security.
- What should I do if I find a USB stick in my office parking lot? Treat it as suspicious. Do not plug it into a production machine. Hand it to IT or security personnel for analysis.
- How can organisations enforce USB policies across many computers? Solutions like USB Block offer centralised management, allowing administrators to deploy policies and monitor activity across multiple endpoints. Group policy and endpoint management tools can also enforce encryption requirements and disable AutoRun features.
- Are there risks with USB‑C hubs and adapters? Yes. Any device that plugs into a port can potentially act maliciously. Purchase hubs and adapters from reputable vendors and avoid unknown cables. Consider disabling “Thunderbolt Direct Access” on systems that support it unless needed.
- Can attackers use USB devices to bypass two‑factor authentication? In some cases, yes. A compromised HID device could approve prompts or enter codes if a user is inattentive. Always verify 2FA prompts and avoid plugging in unknown devices.
Conclusion – layered defence is key
USB‑based attacks have evolved from simple autorun viruses to sophisticated firmware hacks, AI‑driven BadUSB devices and geofenced worms. The latest Honeywell data shows a surge of 1,826 unique USB threats in Q1 2025 and a 3,000 % spike in worm detections. Clearly, attackers are still focusing on removable media and adapting their tactics. Fortunately, you have multiple ways to protect your data. Combining user education, system configuration (disabling AutoRun, updating software), encryption, and device control creates a robust defence. Tools like USB Secure and USB Block provide practical solutions: encrypting your drives and restricting which devices can connect. Alongside best practices, they help ensure that your USB ports remain gateways for productivity—not entry points for cybercriminals.