Posted by Deborah Galea / December 21, 2015
Although USB flash drives are extremely useful devices for transferring data, they do come with security risks. Employees using USB drives at home and then plugging them back into the corporate network is a security concern for any IT Administrator. But with all the news about malware and data breaches, surely employees realize that USB drives can be infected and will be careful before plugging them in, right? Wrong. According to technology certificate provider CompTIA, employees still practice unsafe cyber security habits. In their recent experiment, CompTIA found that nearly one in five people picked up USB drives found in public locations and plugged them into their devices.
Malware and Booby-Trapped USBs
USB devices can contain malware and spread infection as soon as they are connected to a network. They can also be booby-trapped to take over the keyboard, running in the background without the user ever realizing that the computer has been hijacked. For instance, a booby-trapped USB drive was the origin of the infamous Stuxnet worm that infected Iranian nuclear facilities, which has since been billed as the most sophisticated computer virus ever created. Earlier this year, a researcher created a USB stick dubbed USB Killer that is capable of delivering a 220-volt charge to the attached computer within seconds of being connected. The USB stick looks like a normal USB drive and there are no other signs that it is malicious. Microsoft also recently revealed a Windows vulnerability that could allow an attacker to execute malicious code from a booby-trapped USB.
We know USB devices are important for the efficiency of an organization, and that the only way to move data between low-security networks and high-security networks is often through portable USBs. For that reason, USB devices should not be banned outright. Instead, organizations need to implement a USB security system that allows the use of USB drives while protecting against the inherent threats. These systems should address USB threats in the following ways:
Protect Against Malware: Ensure that all USB devices are checked for malware before they are connected to the network. This can be accomplished by deploying a malware scanning kiosk or station where USB drives are thoroughly scanned for any malware before they can be connected to the corporate network.
Control and Limit: In addition to malware scanning, limits can be set on allowed USB devices and file types based on the user’s role at the organization. For instance, if an employee has no need to use executable files at work, these types of files should be blocked. To avoid file types being spoofed and getting past filters, it is also important to perform file type verification. In addition, since PDFs and Office files are commonly used as attack vectors, it is advisable to sanitize files and remove any possible embedded scripts. In this way unknown threats, such as zero-day threats and targeted threats, can be prevented.
Avoid Direct Plug-Ins: In order to avoid connecting USB drives directly to the network, the USB security system can securely transfer the allowed files from the USB drive to a corporate portal from where the user can download the files. This removes the need to have USB drives connected directly to the network, eliminating the risk of booby-trapped USBs altogether.
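The file type verification described under Control and Limit, sketched as an added example (not OPSWAT's or Metadefender's code): the decision is taken from the file's leading bytes and only then compared with the extension, so a renamed executable is caught. The signature list, the role names and the role policy are constructed for illustration.

```python
from pathlib import Path

# Leading-byte signatures -> content type. Constructed, deliberately short list.
MAGIC = [
    (b"MZ", "exe"),                                # Windows PE / DOS executable
    (b"\x7fELF", "elf"),                           # Linux executable
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),                        # also docx/xlsx containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy doc/xls
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]
# Content type each extension is expected to carry.
EXPECTED = {".exe": "exe", ".dll": "exe", ".pdf": "pdf", ".zip": "zip",
            ".docx": "zip", ".xlsx": "zip", ".doc": "ole", ".xls": "ole",
            ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg"}
# Hypothetical role policy: content types each role may bring in.
ROLE_ALLOW = {
    "office": {"pdf", "zip", "ole", "png", "jpeg"},
    "developer": {"pdf", "zip", "ole", "png", "jpeg", "exe", "elf"},
}

def sniff(header: bytes) -> str:
    """Return the content type implied by the file's leading bytes."""
    for sig, kind in MAGIC:
        if header.startswith(sig):
            return kind
    return "unknown"

def verdict(name: str, header: bytes, role: str) -> tuple[bool, str]:
    """Judge the content first, then compare it with the claimed extension."""
    actual = sniff(header)
    claimed = EXPECTED.get(Path(name).suffix.lower())
    if actual == "unknown" or claimed is None:
        return False, "unrecognised type, denied by default"
    if actual != claimed:
        return False, f"spoofed: named as {claimed}, content is {actual}"
    if actual not in ROLE_ALLOW.get(role, set()):
        return False, f"{actual} not permitted for role {role}"
    return True, "ok"

def scan_drive(root: str, role: str) -> dict[str, tuple[bool, str]]:
    """Apply verdict() to every regular file under a mounted drive."""
    out = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            with p.open("rb") as fh:
                out[str(p.relative_to(root))] = verdict(p.name, fh.read(8), role)
    return out
```

A file that passes this check still needs the malware scan and sanitization steps, since a PDF or Office file with a valid header can carry embedded scripts.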
In addition to a USB security system, it is also important that employees are regularly trained on the importance of adhering to strict USB security practices. This allows employees and companies to take advantage of the benefits of USB drives without compromising security.
OPSWAT's Metadefender product can be used to scan USB devices quickly and reliably by utilizing multiple, built-in anti-malware engines (up to 30 engines) that work simultaneously to detect malicious code. Metadefender can further bolster USB security by applying user-based file policies, verifying file types and sanitizing files. In addition, secure file transfer can be used to transfer allowed files and avoid the need for USB drives to be plugged into the corporate network.