A lowly USB stick, just lying there in the entrance of your workplace or in the car park. What's the harm if you pick it up and put it in your pocket? Not much, I hear you say ...
Later in the day, curiosity gets the better of you. You take the small plastic cover off and calmly insert it into one of the many USB slots on the laptop or PC workstation. Click, click and click again, and you have overridden the threat protection of Windows Defender, macOS or whichever antivirus/antimalware programme your IT people have installed.
"What harm can it do?"
There may be important information contained within the files. It might be a USB drive dropped by a politician, or military secrets worth millions of pounds, and you can cash in by being a loyal and good citizen and handing it in to the authorities.
More often than not, this scenario has caused chaos and mayhem within organisations, as cybercriminals have deliberately planted 'lost' USB drives with viruses and malware that allow hackers to gain access to passwords. Corporate data can then be seized for ransom and used to demand large sums of money from businesses and organisations alike.
"Criminals are well aware of the human factor in conducting a successful offline attack of this nature!"
The viruses, ransomware and malware embedded in the files or documents you look through are not always apparent, should you decide to have a peek at a USB drive that you picked up outside.
The United States government itself has fallen victim to flash drive attacks. In 2008 an infected flash drive was plugged into a US military laptop in the Middle East and established a digital 'beachhead' for a foreign intelligence agency. The malicious code on the drive spread undetected on both classified and unclassified systems, enabling data to be transferred to servers under foreign control.
USB drives are a real conundrum for the security industry. They play a leading role in how operational environments function, but can also cause incidents if they are managed or handled improperly. They are also one of the most coveted means of attack by cybercriminals.
I'm sure you've seen many a Hollywood movie of a hacker plugging in a USB drive, automatically downloading folders of confidential documents, pulling out the USB drive again and running out of the building. The stolen data is then used by the hacker 'heroes' to bring the victim down a peg or two!
In any organisation, standardising the types of storage devices that are used daily, along with training people on the significance of not inserting random USB drives into company devices, will help reduce the threat of company networks being attacked by malicious worm programmes. Locking down or disabling USB slots on computers will help too.
There is also a risk of USB drives being stolen, loaded with viruses, worms or other malicious software, and then returned without detection. USB drives are used extensively in many, many applications, including industrial automation. One quote from a manufacturing company indicated that, "We prefer to take the risk of using USB drives rather than take the risk of blocking production".
To combat the problem, technology companies have been developing a new breed of USB drive with PIN codes and Cloud Management systems for the issue and tracking of any memory sticks throughout a company.
But this will not stop the 45% of employees who find a memory stick in the car park and plug it into their work computer just because they're curious. So, education, education, education is the most important lesson as well as locking down your computers as much as possible.
To USB or not to USB? It's a real question.
Until next time ...
PRITESH GANATRA