Posted by Bryan Vale / January 18, 2018
In one of the most ironic pieces of cyber security news in recent months, Taiwanese police inadvertently gave out USB drives containing malware as prizes for a cyber security quiz, as reported by BleepingComputer. The USB drives were handed out last December, and the incident was reported earlier this week.
The malware infection reportedly came about because the police department sourced the thumb drives from a third-party contractor. While testing the drives, one of the contractor's employees connected them to a computer that, unbeknownst to them, was infected with malware. As a result, 54 of the 250 USB drives that the police gave out were infected with malware.
The malware was an older strain that was designed to send data to a now-defunct server. Because of this, the incident had no actual negative repercussions.
Naturally, the police department issued an apology. However, this issue extends far beyond one unfortunate, and ironic, incident.
Infected USBs: All Too Common
USB drives that are inadvertently infected with malware are distributed to consumers and companies surprisingly often. In May 2017, IBM accidentally shipped malware-infected USB drives to its customers. In April 2016, the ADA unintentionally distributed infected USB drives to dental offices.
On top of this, cyber criminals have been known to intentionally distribute infected USB thumb drives.
Users are prone to connecting just about any USB drive to their computers, even if the source of the drive is unknown. If the source is known – for instance, a local police department giving out prizes for a cyber security quiz – users will almost certainly plug them in without hesitation.
Whether USB drives are intentionally or unintentionally infected, they are a threat vector that enterprises should be concerned about, especially those with highly secure networks.
Scanning and Verifying Unknown USBs
For these reasons and more, it is extremely important to scan all USB drives, preferably with multiple anti-malware engines. Additionally, Content Disarm and Reconstruction (CDR) removes altogether the threats hidden inside common documents and files, such as Word documents and images.
OPSWAT's Metadefender Kiosk product helps with this on secure and air-gapped networks by scanning all portable media before it enters the network. Metadefender Client locks USB drives on employee endpoint devices until they are scanned and sanitized, and it can also confirm that a USB drive has been scanned by Metadefender Kiosk by verifying a digital signature from Kiosk.
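The signed-scan check described above can be sketched as follows. This is an added Go example, not OPSWAT's code or Metadefender's signature format: a scanning station signs a digest of every file name and content hash, and the endpoint verifies it before unlocking, so a file changed or added after the scan fails the check. The function names, the manifest layout, the use of Ed25519 and the sample drive contents are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
)

// manifest hashes each file name and content hash in sorted order, so adding,
// removing or changing a file changes the signed value (hypothetical layout).
func manifest(files map[string][]byte) []byte {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	h := sha256.New()
	for _, n := range names {
		fmt.Fprintf(h, "%d:%s:%x\n", len(n), n, sha256.Sum256(files[n]))
	}
	return h.Sum(nil)
}

// SignScan runs on the scanning station once the drive's files have passed.
func SignScan(priv ed25519.PrivateKey, files map[string][]byte) []byte {
	return ed25519.Sign(priv, manifest(files))
}

// VerifyScan runs on the endpoint before the drive is unlocked.
func VerifyScan(pub ed25519.PublicKey, files map[string][]byte, sig []byte) bool {
	return ed25519.Verify(pub, manifest(files), sig)
}

// Demo uses constructed drive contents and a throwaway key pair.
func Demo() (clean, modified, added bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	drive := map[string][]byte{"prize.txt": []byte("congratulations"), "photo.jpg": {0xff, 0xd8, 0xff, 0xe0}}
	sig := SignScan(priv, drive)
	clean = VerifyScan(pub, drive, sig)
	drive["photo.jpg"] = []byte{0xff, 0xd8, 0xff, 0xe1} // changed after the scan
	modified = VerifyScan(pub, drive, sig)
	drive["photo.jpg"] = []byte{0xff, 0xd8, 0xff, 0xe0} // restored
	drive["extra.bin"] = []byte{0x00}                   // added after the scan
	added = VerifyScan(pub, drive, sig)
	return
}

func main() { fmt.Println(Demo()) } // true false false
```

A signature of this kind only attests that the files are the ones that were scanned; it says nothing about whether the scan itself caught everything.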