The police force in England’s second-largest city, the Greater Manchester Police (GMP), has suffered extensive disruption for several days following an infection by the Conficker worm.
Read More »

It’s been reported today that the UK security service, MI5 has accused China of bugging and initiating acts of espionage on UK business executives, to obtain sensitive commercial secrets.

The story, from a leaked MI5 document says that undercover intelligence officers from China’s People’s Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of “gifts”. The gifts — such as USB memory sticks and other digital media — have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users’ computers.

This is yet another example of the use of innocuous-looking devices in an attempt to harvest sensitive or confidential data. The best advice to protect your PC and corporate networks is to use only authorised, secure flash drives, preferably with on-board anti-malware scanning capability, and lock out unauthorised devices. After all, Trojan horses are no longer larger than life and made of wood.

We saw in 2008 and 2009 how worms came back to prominence, thanks to the wide spread of Conficker and its variants. A timely reminder that the threat is still high was given last week, when Google revealed a highly sophisticated series of cyberattacks originating from China that stole some of its intellectual property and affected about 30 other Silicon Valley companies.

This recent attack shows how malicious software has evolved into an advanced weapon that can specifically target companies – even companies as advanced as Google – with the aim of gaining a financial or competitive advantage.

Attackers will try any method available to seed the malware onto a company network, including infecting USB flash drives and distributing them at events, or “losing” them in car parks for unwitting employees to find. That’s why latest-generation secure flash drives, such as our own Cruzer Enterprise range, can also feature onboard anti-malware scanning to nullify this threat.

A recent survey of London taxi drivers shows that December is the worst time of year for losing mobile phones, laptops and memory sticks.

Apparently some 10,000 mobiles are left behind in taxis every month, and over 1,000 laptops, flash drives and other removable devices too. It’s believed that most of these losses happen because they slip out of peoples’ pockets, or are simply forgotten as passengers rush to their next meeting or destination.

The good news is that London cabbies are more honest than their counterparts in New York:
80% of taxi drivers in London claimed that they had reunited owners with their devices once they were found, compared to just 66% in New York.

Even so, it’s all the more reason to secure any data on these portable devices with encryption – just in case you’re one of the 20% whose device isn’t found.

The Royal Navy has begun an investigation into how a memory stick containing restricted information on Royal Navy manoeuvres and personnel was found in a public car park, close to the mooring of the Navy warship HMS Hurworth in Belfast, Northern Ireland.

Although the device was handed in to police, an attempt had been made to sell the flash drive and its contents to an Irish newspaper – which suggests the contents of the drive were not protected.  The Navy investigation will focus on trying to establish if the data on the drive has been copied.

Incidents such as this highlight the wisdom of the approach being taken by the US military on the re-introduction of flash drives – including measures such as authorised staff being issued with centrally procured, approved, secure USB flash drives, a ban on all personally owned flash media.  This way, users can enjoy the flexibility of flash drive use without the security risks, as the protection is delivered and managed transparently.

Here are some sobering statistics from a recent US survey of IT professionals.  The leading magazine InformationWeek recently announced the findings of its State of Encryption Survey, which polled the opinions of 499 IT staff. 

Only 14% of respondents said encryption is used across their organisations, and just 38% said they encrypt data on mobile devices.  The main reason for deploying encryption (31%) was to meet regulatory requirements – and there’s a strong reason for this, as 44 US states enforce mandatory disclosure of data breaches, and such disclosure can cost organisations hundreds of thousands of dollars. Read More »

Earlier this week, the Information Security Forum’s World Congress was held in Vancouver, Canada.  One of the keynote speakers was FBI Assistant Director of Cybersecurity, Shawn Henry.  He spoke about how the new and emerging threats against security are proving effective, and how exploiting security flaws is costing corporates in hard cash.

He also related some recent, effective hacking techniques which his department had investigated.  A key example was during a recent conference, where a malicious party left several USB memory sticks in a nearby parking area, with each device containing malware. Any conference attendee plugging the drive into their laptop to see who it belonged to “was providing egress for a potential adversary,” said Henry.

This reinforces the need for organisations to control how they allow the use of USB devices – good practice is to lock out unauthorised or personal devices, to avoid the risk of this type of hack, and to issue staff with secure USB flash drives that safeguard data against loss or theft.

Our latest article on securing USB flash drives against malware and data loss or theft is now online here, at leading portal Global Security Magazine.

The article looks at how to stop worms such as Conficker propagating onto networks, and using USB memory sticks to spread, based on what happened to UK public sector organisation Ealing Council earlier this year.

It also covers best practice in data security and management.

Personal data doesn’t get much more sensitive than an individual’s medical and health records, so it’s no surprise that the health sector has been among the leaders in adopting best practices in data security.

This article by John D. Halamka, the chairman of the American Healthcare Information Technology Standards Panel, sets out the issues and proposes a data security standard for all circumstances.

This includes mandatory encryption of data whether at rest or in transit – including the use of secure USB flash drives.  It’s well worth a read.

Here’s an article on SC Magazine’s website on the explosive growth in storage capacities of USB flash drives, with a discussion of what steps can and should be taken to secure them. 

As SanDisk CEO Eli Harari pointed out recently, the increase in capacity of drives has exceeded Moore’s Law in recent years, making it increasingly tempting to use flash drives to store and transport large amounts of data. 

The article takes in comment from several vendors, including SanDisk, looking at the issue.  The conclusion is enterprises and IT-literate consumers are already taking advantage of secure flash drives to protect their data – but there will always be a price-conscious market for unsecured drives.