
Don’t Start With a Penetration Test
As a provider of cybersecurity services, we are often asked by organizations to conduct network penetration tests (also known as Pen Tests for short). While
USB drives, also known as thumb drives, have become a popular form for storing and transporting files from one computer to another. Their appeal lies in the fact that they are small, readily available, inexpensive, and extremely portable. However, these same characteristics make them attractive to attackers. Just look at some of the most spectacular computer attacks in the last few years, and you’ll usually find a USB drive at the heart of it all. And it’s not just thumb drives that are the culprits, any device that plugs into a USB port including electronic picture frames, iPods, and cameras can be used to spread malware. These devices can even be infected during the production or supply chain process if quality control measures are not up to par. When users buy the infected products and plug them into their computers, malware is installed on their computers.
There are numerous ways for attackers to use USB drives to infect computers. One method is to install malicious code, or malware, on the device that can detect when it is plugged into a computer. When the USB drive is plugged into a computer, the malware infects that computer. Another method is to download sensitive information directly onto a USB drive. The only thing needed to accomplish this is physical access to a computer on the network. Even computers that have been turned off may be vulnerable, because a computer’s memory is still active for several minutes without power. If an attacker can plug a USB drive into the computer during that time, he or she can quickly reboot the system from the USB drive and copy the computer’s memory, including passwords, encryption keys, and other sensitive data, onto the drive.
Often times, a company’s biggest weakness might not be a malicious insider, but rather an employee who simply doesn’t understand the potential security risks of their actions. Even the Department of Homeland Security (https://gcn.com/articles/2011/06/30/dhs-test-found-thumb-drives-disks-network.aspx) discovered in 2011 that 60% of USB drives (deliberately planted in places like federal agency parking lots) were inserted into company computers after they were picked up by unsuspecting workers. This number rose to 90% when the USB drives had the Department of Homeland Security logo.
There are steps you can take to protect the data on your USB drive and on any computer that you might plug the drive into:
Next time you pick up a USB drive, keep in mind the potential risks you could be unleashing on your network. Following these simple suggestions, can go a long way in helping to increase your data’s security.
Jessica Katz is a Security Analyst with M.A. Polce Consulting, Inc. For questions or comments, please contact her at jkatz@mapolce.com.
Expand Your Infrastructure with Wireless Development Services
1 in 3 Employees Rarely or Never Think About Cybersecurity
A Security Service Tailored for NY School Districts
Don’t Start With a Penetration Test
Managed Service Provider (MSP) vs. Managed Security Service Provider (MSSP). What’s the difference?
vCISO – virtual Chief Information Security Officer
Be Prepared – Business Continuity
How Hackers Get Your Password and How to Defend Yourself
A Security Service Tailored for NY School Districts
Managed Service Provider (MSP) vs. Managed Security Service Provider (MSSP). What’s the difference?
Be Prepared – Business Continuity
Expand Your Infrastructure with Wireless Development Services
As a provider of cybersecurity services, we are often asked by organizations to conduct network penetration tests (also known as Pen Tests for short). While
As a business owner, you need the right technology to keep your business running efficiently and secure from data breaches. When looking to outsource these
The Situation The January 30, 2021 ransomware attack on the Victor Central School District located near Rochester, New York, was an unwelcome reminder of the
© Copyright M.A. Polce. All rights reserved.
MA Polce Consulting provides links to web sites of other organizations in order to provide visitors with certain information. A link does not constitute an endorsement of content, viewpoint, policies, products or services of that web site. Once you link to another web site not maintained by MA Polce Consulting, you are subject to the terms and conditions of that web site, including but not limited to its privacy policy.
Click the link above to continue or CANCEL