In 2015, the USB Killer was created. If you plugged it into your laptop, your laptop fried. That’s definitely a threat, but the person who created the USB doesn’t gain anything directly. Malware allows them to possibly steal from you but frying it just annoys you and costs you money and time. That doesn’t actually benefit the creators of the USB Killer directly though.
On the other hand, criminals have mailed malicious USBs pretending they were Best Buy gift cards. Call it snail mail phishing or old school phishing. The malicious USBs were reprogrammed to use an attack called the BadUSB attack. That attack could have installed malware
The USB was actually being sold by a company in Taiwan. Anyone could have bought one and used it by enticing the victim to insert the USB. “Free Gift card!” or “Family Photographs!” or any other enticing label to convince people to plug it in. That’s all it took, just plugging it in.
USB drives hold more and are more powerful than the old CDRoms or floppy disks, but the downside is they’re also a vector for attack. Not that the others weren’t vectors of attack, I was once hit with a boot sector virus from a floppy disk. The complexity of USB drives adds to the power of the attack though.
The USB drive is a Digital Threat of Hardware. DTRAP has a special issue planned on the Digital Threats of Hardware, we invite you to submit.