USB Switchbalde is designed to silently recover information from Windows systems, such as password hashes and IP information, in addition to browser history and auto fill data, such as that used for online banking, or payments systems. The tool will also create a ghost admin account, which can function as a back door to the system if it is not behind the firewall.
This new threat is similar to the USB Dumper hacking tool that Centennial issued a warning for in October. However, whereas Dumper is a tool installed on a PC designed to silently steal files off a USB stick, Switchblade operates in the reverse way, taking data off the PC and enabling thieves to create a back door into the system.
According to Centennial Software, organisations need to be ever vigilant as thieves develop more creative and ingenious ways to steal both personal and corporate data. USB Switchblade is particularly clever as it is capable of not only stealing information such as user names and passwords, but can also set up a back door for thieves to enter the PC and selectively take data.
In order to protect themselves against malicious attacks utilising USB access points, organisations can implement security software, such as Centennial’s DeviceWall solution, to control access to data via USB ports.