Thumb Drives

Submitted

Posted on Thursday, April 18, 2019


USB thumb drives have become a popular attack vector for injecting malware on computers located within a protected infrastructure.

These same mobile devices have also been used to steal sensitive data and have been responsible for the unauthorized disclosure of information either through a malicious user or when an authorized user unintentionally loses a device containing sensitive information.

What are the security concerns?
• These devices can be very small; therefore, they are more easily lost, stolen, or hidden.
• Their popularity and widespread use make them a popular target for cyber criminals to spread malware. They have even been targeted at the production phase, while they are being assembled, meaning that even a brand new device might have been infected.
• They can now hold a very large amount of data, making them attractive to someone who intends to illicitly steal a large amount of data.
• The average user is unaware of the vulnerabilities associated with these devices; and therefore, may be more likely to be careless, store sensitive information, and less vigilant about keeping work and personal information separate.
• If a USB thumb drive is found, typically the first reaction the finder will have is to view the information to attempt to see who the owner is so it may be returned, or to see if there is any “interesting” information.
• A computer can silently run code from a USB Thumb Drive the moment a device is plugged in, without the user’s knowledge or permission. Cyber criminals have been known to drop several USB thumb drives somewhere public, close to the intended target, and wait for unsuspecting employees to insert it into their work system in order to install malicious software designed to steal personal information.
Best Practices
• Obtain an approved USB device from your IT branch with encryption and biometric capabilities for all work related activities.
• Never plug an unknown or personal USB device into a work computer – even those that have been offered as a promotional item.
• Always use separate USB devices for work and personal use.