IT’S JUST A USB STICK… WHAT HARM CAN IT DO?
A lowly USB stick, just laying there in the entrance of your work place or in the car park. What harm can it do if you pick it up and put in your pocket?
Not much I hear you say!
Later on, in the day, the curiosity gets the better of you……you take the small plastic cover off the drive and calmly insert it into one of the many USB slots on the laptop or PC work station.
Click, click and click again, overriding the threat protection systems on Windows defender, MAC or other antivirus, antimalware programme that your IT people have installed!
What harm can it do? There may be important information contained with in the files. It might be a USB drive dropped by a politician, or military secrets worth £millions and you can cash in by being a loyal and good citizen and handing it in to the right authorities.
WAS IT LEFT THERE ON PURPOSE…
More often than not, this scenario has caused chaos and mayhem within organisations as Cyber Criminals have deliberately planted lost USB drives with viruses and malware that allow hackers to gain access to passwords and corporate data that can be seized for ransom and to make demands to large sums of money from businesses and organisation alike.
Criminals are well aware of the human factor in conducting a successful off line attack of this nature.
The viruses, ransomware and malware embedded in the files or documents that you may look through is not always be apparent, should you decide to have a peek at the USB drive that you may have picked up from outside.
BETTER SAFE THAN SORRY…
FACT – The United States government, too, has fallen victim to flash drive attacks.
In 2008 an infected flash drive was plugged into a US military laptop in the Middle East and established “a digital beachhead” for a foreign intelligence agency. The malicious code on the drive spread undetected on both classified and unclassified systems enabling data to be transferred to servers under foreign control.
USB drives are a paradox for industry. They play leading role in how operational environments function, but can also cause incidents if they are managed or handled improperly. They are also one of the most coveted means of attack by cyber criminals.
In any organisation, standardising the types of storage devices that are used daily, along with people training of the significance of NOT inserting random USB sticks into company devices and also by locking down or disabling USB slots on computers will help reduce the threats of company networks being attacked by malicious worm programmes.
There is also a risk of USB Memory sticks being stolen, viruses, worms or other malicious software being embedded and then returned without any detection. USB drives are used extensively in many, many applications including in industrial automation.
To combat the problem, technology companies have been developing a new breed of USB devices with PIN codes and Cloud Management systems for the issue and tracking of any memory sticks throughout a company……but this still will not stop the 45% of employees who find a memory stick in the car park from plugging it to their network device.
So, education, education, education is the most important lesson as well as locking down devices as much as possible.
MAXIMUM NETWORKS
Get in touch with the Maximum Networks team team today on 0330 102 7444 or using our contact form