New USB device poses security threat

Security_Aug05_CNew threats to the security of our computer systems and networks are uncovered on a near daily basis, which can make it quite a challenge to keep your systems completely secure. That’s why you need to keep abreast of potential new threats and stay up to date with your security software and services.

One of the latest issues to come to light is a device that can infect your computer when connected to a USB port. While USB threats aren’t anything new – USB thumb drives are well known to be used by some employees to copy and take important files with them when they leave the office – this latest threat is a little different. Hackers have now developed a USB stick that can bypass Windows Autorun features and infect your system.

How do these drives work?
As you may have noticed, when you connect a device like an external hard drive to your computer via the USB port, Windows will not run, or open the drive. Instead, you will get a window with a number of options, including things like “Open folder to view files,” “Download pictures,” “Play files,” etc. The reason for this is because hackers figured out years ago how to put a virus on a USB stick, which when plugged into the computer, would be auto run (started up) by Windows and infect the system.

Hackers have recently figured out how to trick this feature. What they have done is create a flash drive that looks like a USB memory stick. Only, when you plug it into a computer, Windows thinks it’s a plug-and-play peripheral like a keyboard, and will allow it to run automatically. There is memory on the stick, where hackers can write and store a virus or other malicious code, which will then run and infect the system.

There are four things to be aware of with these drives:

  1. They are cheap (ish) – These drives can be found on the Internet for less than USD$65, with some being as cheap as USD$40.
  2. They are fast – Some of these devices are able to run a script and infect a system in 50 seconds, and if they are re-mounted in the same system, could run a script within 30 seconds.
  3. They are multi system compatible – A few of these devices are advertised as being able to infect almost any system – Windows, Mac, and Linux.
  4. They aren’t easy to find – yet. While there are websites online advertising these drives, most users won’t be able to find them. Experienced hackers, on the other hand, can easily do so. Of course, anyone with enough patience can probably find them.

What does this mean for my company?
Because these devices are nearly indistinguishable from real memory drives, they are nearly impossible to spot. Since these drives are currently hard to find and infection rates are generally low, many companies probably don’t have to worry too much. However, you can bet that the drives will probably become more popular in the near future.

This doesn’t mean that you don’t have to be aware of the risk and understand that these drives exist. Some companies have started to take action by disabling USB drives, monitoring what employees plug into their drives and even providing employees with tamper-proof USB drives.

One thing you might have to concern yourself with is if you allow employees to bring in their own drives. In general, if you take steps to make sure that the drives being used are legitimate and approved by the company, this shouldn’t be much of a problem. Of course, keeping your security systems and anti-virus scanners up to date is always a good idea.

If you would like to learn more about this security threat and what you can do to stop it, including how we can help minimize risks, please contact us today to see how our systems can help you.

Published with permission from TechAdvisory.org. Source.

Facebook
Twitter
LinkedIn
Archives
Scroll to Top