Secure USB Drive

This article shows just how easy it is for a hacker to introduce malware to a company’s network using a little social engineering.  In this case, the infected USB thumb drives were introduced by a security consultant conducting an experiment in an organisation.

But it shows just how vulnerable companies are to a simple, but powerful driver:  human curiosity.  This is mirrored in the USB security survey done by SanDisk in April 2008.  12% of corporate end users reported finding a USB pen drive in a public place, and 55% said they would try and view the data on it.

So it’s no surprise that networks can be hacked, and infections spread by these means.  Once again, it’s a powerful reason to deploy port control, to issue users with company encrypted USB thumb drives, and to enforce the policy that only company-issued drives are used on the network.

With the Downadup worm being so widespread in recent weeks, malware is once again rising up the security agenda.  And a recent report from our anti-virus partner McAfee says that 2009 will see further outbreaks, with USB flash drives being a key method for malware spread.

The report shows that the incidence of malware distributed through removable storage devices, including USB memory sticks, has increased.  To reduce the risks of infection, and to stop risks of data theft and leaks, secure flash drives are key, especially those that features on-board, automated anti-malware scanning, like our Cruzer Enterprise range.

The full report can be accessed here - it makes interesting reading.

Our latest thought-leadership article has been published online in two security portals.  The article looks at best practice in securing data at rest on USB thumb drives.  It also touches on port control by effective management and provision of drives.

You can read the article here at QuantaSecurity.com and ProSecurityZone

The Downadup worm, which spread with unprecedented speed in January, has claimed its latest victim by infecting French military computers and grounding fighter jets, according to French news sources.

The fighters were apparently unable to download their flight plans after databases were infected by Downadup.  The report goes on to say that at one point, French naval staff were also instructed not to even start their computers.

The French navy admitted that while disinfecting its networks, it had to return to more traditional forms of communication: telephone, fax and post.  Officials said the infection was probably due to a member of navy personnel using an infected USB key.

As we have mentioned in this blog before, this USB attack vector can be stopped with our Cruzer Enterprise secure USB flash drives with onboard anti-virus scanning.

A new series of articles in Windows IT Pro magazine is looking at encryption strategies for businesses.  The first article looks at securing USB thumb drives.

As it rightly points out, unsecured pen drives have become such a security risk because they’re so useful and portable.  In just 5 years, the UK Ministry of Defence lost 121 classified USB pen drives - that’s an average of one every two weeks.  And of course, they weren’t secured by encryption.

The article looks at what can be done to secure thumb drives.  However the technique proposed still leaves flaws that can leave data vulnerable, compared with a true secure USB flash drive.  See our earlier post for full details of how encryption should be deployed on USB drives.

These encryption techniques should also be applied to all company data at rest - no matter where it is stored.  This will protect against security breaches even if an attempt is made to access the data.

A new worm that’s capable of spreading via USB flash drives was identified last week.  The so-called ‘Obama’ worm, like the Downadup worm which spread so quickly in recent weeks, uses the Windows Autorun feature to install itself automatically on any drive it connects with.

The good news is, the worm seems to have no malicious action.  It is also poorly written according to analysts, and so is unlikely to become widespread.

But what this does show is, malware writers now see USB drives as a key vector for spreading infections within organisations.  That’s why secure USB flash drives that include hardware encryption and on-board antivirus scanning will become a key weapon in the the security battle this year, as they stop both data loss and malware spread.