Policies are useful, but without enforcement, they are not a successful means of preventing malware invasions and the theft of business information.
· Some companies have dedicated machines or specifically trained employees who handle external USB drives in situations where it is necessary to carry data from the outside into the corporate environment. There are dedicated systems, often specialized Linux variants, that provide tools to scan USB drives without providing the typical attack surface themselves.
· Install a port-control solution on every enterprise computer that can access your network, says the APWG’s Jevans. This can prevent any non-authorized USB device from being used to copy data to or from your computers and network. In addition, allow only USB devices that have self-encryption that is always enabled. USB devices with hardware-based encryption are best because the encryption cannot be disabled.
· Remember that iPhones, iPads, and Android devices are USB-compatible and can store up to 64 gigabits of data. Make certain you are managing these devices.
· Consider incorporating Ghost into your malware defenses toolkit. Ghost is a malware detection component—freely available at http://code.google.com/p/ghost-usb-honeypot/—that simulates the connection of a USB drive. “If malware that propagates via a USB drive resides on a system,” says Christian Seifert, Honeynet Project CEO, “the malware will attempt to copy itself onto this simulated USB drive therefore allowing Ghost to raise an alert.”
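The detection principle behind a USB honeypot, sketched as an added example that is not code from Ghost or from this article: no legitimate process writes to the decoy volume, so any change to it is an alert. The decoy directory, the snapshot-and-compare approach, and the extension list are assumptions made for illustration; Ghost itself simulates a drive connection rather than watching a directory.

```python
import hashlib
import os
import tempfile

# Assumption: file types worth escalating when they appear on the decoy.
SUSPICIOUS_EXT = {".inf", ".exe", ".lnk", ".scr", ".dll"}

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = digest
    return state

def diff_alerts(baseline, current):
    """Nothing legitimate writes to the decoy, so every change is an alert."""
    alerts = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            kind = "created"
        elif rel not in current:
            kind = "deleted"
        elif baseline[rel] != current[rel]:
            kind = "modified"
        else:
            continue
        ext = os.path.splitext(rel)[1].lower()
        severity = "high" if ext in SUSPICIOUS_EXT and kind != "deleted" else "medium"
        alerts.append({"path": rel, "change": kind, "severity": severity})
    return alerts

def demo():
    """Constructed scenario: a temp directory stands in for the simulated drive."""
    with tempfile.TemporaryDirectory() as decoy:
        with open(os.path.join(decoy, "report.docx"), "wb") as fh:
            fh.write(b"decoy document")  # bait content
        baseline = snapshot(decoy)
        # Harmless placeholder writes standing in for unexpected activity.
        with open(os.path.join(decoy, "autorun.inf"), "wb") as fh:
            fh.write(b"placeholder")
        with open(os.path.join(decoy, "report.docx"), "ab") as fh:
            fh.write(b" tampered")
        return diff_alerts(baseline, snapshot(decoy))

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

In practice the comparison would run on a schedule or on file-system change notifications, with alerts forwarded to the monitoring system already in use.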
The dangers that infected USB flash drives pose are, of course, not new. But, earlier on, the infections simply corrupted files or the drives, making them inoperable. Now, says Laing, with cybercriminals focused on financial gain, things are not so simple.
“Now infections can be super viruses or advanced persistent threats (APTs), and can do anything from collect biographical information on the user, locate files containing intellectual property [such as blueprints and credit card information], or do damage as Stuxnet did,” Laing explains.
It is impossible to stress enough the possible dangers that can occur when USB usage goes uncontrolled, says APWG’s Jevans.
Take, for example, the Conficker malware that infected more than 15 million computers and tens of thousands of corporations. The cause? An unauthorized USB flash drive that contained a worm that required a concerted global effort by SRI and many security companies to shut it down, recalls APWG’s Jevans.
“If the Conficker authors ever adapt their malware to iPhones or Androids,” Jevans says, “the epidemic that could occur could be staggering.”
About the Author
Paul Hyman is a freelance technology writer and editor. He was an editor-in-chief at CMP Publications (now United Business Media) and currently reports for such publications as Communications of the ACM, IHS’ Electronics360, and CRM Magazine.