Carrying on with National Security Cybersecurity Awareness Month (NSCAM), we continue our celebratory blog series. This one is on the dangers the Universal Serial Bus (USB) and other removable media. USBs are called all kinds of things, from thumb drives to memory sticks to USB flash drives.
USB’s sure are convenient. They’re tiny and you can get a 128GB one for about $25. They even come in cute form-factors.
Companies used to give them away at security trade shows. They don’t anymore. This is because of the security risks associated with USBs.
What are the Security Risks of USBs?
Oh where to start. They could come preloaded with malware to infect everything that they are plugged into. A vendor may preload malware / spyware or benign but pesky software on them before shipping. A bad guy might install malicious software and convince you to plug it into your computer, or do it surreptitiously. A friend or child might bring home an infected stick and infect all the computers in your house.
Don’t People Know Better?
Some do. But a lot don’t. Bad guys may install malware on USB sticks and leave them to be found and used by naive users. A few years ago a study was done by researchers from Google, the University of Illinois Urbana-Champaign and the University of Michigan found that 48% of the drives they scattered around the Urbana-Champaign campus were picked up and used.
USBs Can Be Used to Exfiltrate Proprietary Data
Given the diminutive size of the USB, they can be easily pocketed and taken anywhere. They could be used to steal massive amounts of corporate data such as valuable customer information. It happens all the time. It is believed that Edward Snowden used a thumb drive to exfiltrate data from the NSA.
The Risks of Removable Storage are So Severe IBM Banned Them
Citing the security risks of USBs, IBM CISO Shamla Naidoo sent a memo out to all staff banning them. According to the memo, IBM: “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).”
A Video on the Dangers of USB Drives from Javvad Malik!
What You Can Do About USB Usage on Corporate Networks
Easy - AienVault’s Unified Security Management (USM) can detect USB usage on corporate networks.
The USM agent can detect when USBs are plugged in to computers on your network. If you don’t use the USM agent, which has the USB function natively, you can script USB scripting into the config file of NXlog. You need to include the path where usb detection resides. NXlog will forward to USM.
Here’s an article describing how.
USB Detection in USM Anywhere:
USM checks for USBs on a 30 minute heartbeat as shown below:
Rule Sets within the Agent shown below:
Potential aftermath without preemptively detecting keylogger on USB shown below.
Conclusion
USM Anywhere can provide a way for IT and the SOC to be aware of any USB usage on the corporate network. Given all of the dangers of USB usage, that’s a big help. But even off the corporate network, stay safe! If in doubt, don’t plug it in!
