One of our greatest fears is starting to become a reality. We warned you this was coming and it is going to get worse! You may remember the endpoint security penetration test conducted by a security firm back in June, which we covered. Well, apparently it served as inspiration to some actual hackers in London. Several USB flash drives infected with USB Trojans were scattered throughout a parking lot. The Trojan application was designed to steal users’ login details from compromised machines, not unlike the USB Switchblade application we saw a while back. Don’t say we didn’t tell you so!
Many security professionals are starting to see attackers favor this attack vector over phishing emails and time-consuming perimeter-style attacks, which are getting tougher. As perimeter security has become more robust, hackers are looking for easier ways to compromise systems. A USB removable media device in the hands of the technologically naive is a recipe for disaster. USB ports are wide open and human beings are curious creatures; finding a free USB flash drive in the parking lot can be too much for some employees to resist. That USB Glue option is actually starting to not sound like a bad idea.
USB Risk Prevention
To mitigate the risk, training employees should be the first line of defense. You might be surprised to learn this, but many folks don’t understand the risks posed by removable media devices. Second, if you are serious about protecting data and blocking unauthorized use of USB ports (as well as FireWire, Bluetooth and CD/DVD drives) on your network, you will need a stronger policy in place as well as the endpoint security technology to implement it. Windows does not protect you, not even Vista.
The best technology we know of that gives administrators granular control over their endpoints is DeviceWall. There is no other technology solution that gives administrators the ability to decide who has access to these devices and ports and who has read/write access to them, to enforce encryption on all USB flash drives and to audit all data being written to these drives.
