Skip to main content

Removable Media Security Alert

by Rob Priore on Tuesday October 7, 2014

Contact Us
Free Demo
Chat

Did you see the Nova special Rise of the Hackers? I was stunned by an experiment they conducted:

They took infected USB thumb drives with corporate logos on them and basically threw them around company parking lots. A staggering number of people, upwards of 70%, plugged those infected thumb drives into their corporate machines. Unbeknownst to them a malicious program transferred onto their corporate network. That program then sent information back to the researchers. This gets much worse, when they left a CDROM with a handwritten title of Quarterly Financials and Salaries in the parking lot a mind boggling 100% infection resulted. I need to say that again: 100% infection.

The researchers conclude that Stuxnet was delivered into the Iranian nuclear enrichment facility via infected thumb drive or CDROM. For those of you not too familiar with Stuxnet I suggest you check out the Nova show. In a nutshell though, Stuxnet is a very complex program that seeks out specific machine controllers used to operate the motors in uranium enrichment centrifuges. Stuxnet basically blew up those centrifuges which set back the Iranian nuclear program a few months.

What’s incredible here is that hands down Stuxnet is the most advanced malware yet to be produced, as far as we know anyway. And it wasn’t delivered via email spearphishing, or infected websites, or any other network-based attack vector. It came in right off the street, carried in by an authorized user and put into service with a simple thumb push. How’s that for all the money spent on perimeter defense?

Think about this: a person, group, or government entity could engineer an attack on our critical infrastructure – think power grid, oil refineries, and the like – and cripple us to a degree that could completely destabilize our way of life. What would it be like to lose power for 2 months? What would happen to our society? Stuxnet is a weapon. Perhaps the most dangerous weapon ever developed; because it achieves its goal without taking a single life it seems to me that it’s far more likely to be used.

Pandora’s Box is now open and it means the endpoint is the new perimeter.
 

More from the Digital Guardian Data Security Knowledge Base:

 

Tags:  Cybersecurity USB Security

Recommended Resources


The Definitive Guide to DLP

All the essential information you need about DLP in one eBook.

The Ultimate Guide to Data Protection

Everything you need to know about data protection but were afraid to ask.