Leave That USB Where You Found It

Written By Mary Landrum

You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the parking lot of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. Don't do it!

Transcription:

You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the parking lot of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. So, you just plug it in real qui- NO!!! DON’T DO IT!!! It could have germs!

No seriously! Check out this example. The Stuxnet malware virus that hit an Iranian nuclear facility got its start through a USB drive containing malware. From there the virus could reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network, so they left a USB thumb drive for the employees to find. And guess where they found this USB… In the parking lot.

Now, you might be thinking, "but I’m not an Iranian nuclear facility." WRONG!!!... Well, I’m sure you’re not… but you could be. What I mean by this is just because you think you don’t have information worth stealing, that doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are just one more way that bad actors can do so.

And it’s proven a pretty effective strategy. In fact, one study found that 60 percent of people were likely to connect random flash drives found near their building. And if the business logo was on the drive, the number went up to 90 percent.

You might be wondering how cybercriminals could even use USB drives to do something like… break down an Iranian nuclear facility. Well here’s how!

Hackers can pre-program USBs to act maliciously once connected to the network. They might:

·       steal a user's data;

·       gain access to the user’s keyboard;

·       monitor the user’s screen;

·       encrypt user data in exchange for a ransom;

·       spread an infection.

Most of these can happen without the user even knowing it, as the malware runs in the background.

So… how do you keep your business safe from infected USB drives? First, never insert unknown flash drives into your computer. Hackers will try to take advantage of human curiosity or a person’s desire to help in order to sneak these flash drives into your company.

It's also good to use different flash drives for personal and professional computers. This helps cut the chances that you’ll spread an infection from one to the other.

You might also enable security measures on USB drives, such as fingerprint authentication. This, and keeping computer software and hardware up to date, can cut vulnerabilities. Also, keep your malware and anti-virus protections current, and patch regularly.

Windows users can also disable the Autorun function. This prevents Windows from automatically opening removable media immediately upon insertion.

Call us at (614) 233-1648 to contact our experts if you suspect a security threat or want to update your security posture. We're here to help!

Mary Landrum
Previous

The Power of Rebooting
Next

Don’t Use Public Wifi Until You Hear This