The majority of companies give USB drives away as part of marketing campaigns. Every time the recipient uses these useful devices, the company logo gets airtime.
USB drives are also fast becoming a favored means of distributing system software. As USB and cloud storage solutions expand in size, many system buyers no longer specify optical drives.
Stop and think for a moment. When was the last time you used an optical drive, and when did you last use a USB device?
However, there is a dark side. USB drives are increasingly being used as an attack vector that lets malware jump onto otherwise air-gapped networks. They are also a favorite transmission method in an age of increasingly vigilant online and on-demand antivirus and anti-malware products.
The malicious code was probably planted long before either organization ever made contact with the devices, most likely in a compromised assembly line.
It is still embarrassing if you are the police at a cyber security event or IBM distributing system software. From the malicious actor’s point of view, this is a smart move. After all, who would expect IBM or a police cybercrime team to actually (although unknowingly) distribute infected files?
Here are the takeaways:
- Do not trust any device from any source. Your friends or customers will not be offended if you remind them to scan your media, nor should they take offense if you scan a device before working with the data it contains.
- Do not allow USB devices to autoboot/autorun.
- Do not leave your machine configured to autoboot from USB. All it takes is a few minutes of unguarded access to infect your system with a bootable USB. You might never find out where the problem came from.
- Set your antivirus software to on-access scanning for every storage device, not on-demand scanning.
- Make sure your antivirus software scans USB devices as well as other mass storage media.
- If you are a system administrator, consider a mandatory ‘sheep dip’ where portable media is scanned on a dedicated, and regularly checked, standalone workstation before allowing it into your data center or network.
- If you manage a workstation estate, educate your users. Consider centrally administered policies for media access and malware scanning.
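
As an added example (not code from the original article), the Python script below shows one check a sheep-dip workstation could run on mounted media alongside the antivirus scan: it flags launch entries in a root `autorun.inf`, lists files with executable extensions, and records a SHA-256 inventory of what was on the device. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def parse_autorun(text):
    """Return {key: command} for launch entries in the [autorun] section."""
    section, found = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found[key] = value
    return found

def triage(root):
    """Read-only walk of mounted media: sorted findings plus a SHA-256 inventory."""
    root = Path(root)
    findings, inventory = [], {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        inventory[rel] = hashlib.sha256(data).hexdigest()
        if path.name.lower() == "autorun.inf" and path.parent == root:
            for key, cmd in parse_autorun(data.decode("latin-1")).items():
                findings.append(("autorun-launch", rel, f"{key}={cmd}"))
        elif path.suffix.lower() in RISKY_EXT:
            findings.append(("executable", rel, ""))
    return sorted(findings), inventory

def demo():
    """Triage a constructed sample tree (placeholder content, not real binaries)."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "autorun.inf").write_text(
            "[AutoRun]\nicon=logo.ico\nOPEN = setup.exe /s\nshell\\open\\command=setup.exe\n")
        Path(root, "setup.exe").write_text("constructed placeholder")
        return triage(root)

if __name__ == "__main__":
    print(demo()[0])
```

On a real station, `triage()` would be pointed at the mount point of media attached read-only, and the inventory kept as a record of what was admitted to the network.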