Protect Your Organisation Against Malware Threats Spread Through USB Devices

Published on 24 Apr 2024

 

USB drives are small, portable, and readily available storage devices. These characteristics bring great convenience for data transfer and device connectivity. However, USB drives also harbour the potential to introduce malicious software into an organisation's systems.

Threat actors have been observed exploiting the same convenience that USB drives bring to file transfer to bypass network perimeter defences and spread their malware. After gaining an initial foothold within the targeted organisation, threat actors deploy malware on compromised computers that actively scans for and infects any connected USB drives. These USB drives then become carriers of the malware and can go on to infect other computers or networks.

Another attack vector is the USB Rubber Ducky, which is a small computer masquerading as an ordinary USB drive. When plugged into a computer, it can quickly execute pre-programmed commands without requiring any user interaction. Threat actors can spread their malware by distributing these USB Rubber Duckies to unsuspecting victims or by plugging USB Rubber Duckies into unattended computers.

Implementing USB Drive Hygiene Practices

To mitigate the risks arising from the use of USB drives, organisations are advised to implement the following best practices:

  1. Scan USB Devices Before Use with Updated Antivirus: Prioritise the scanning of USB devices with an updated antivirus before accessing any files or executing programs stored on them. Regular malware scans can help to detect and neutralise potential threats, safeguarding your systems from USB-borne malware infections.
  2. Exercise Caution with Unknown USB Devices: Avoid using USB devices from unknown or untrusted sources. Refrain from plugging in USB drives or peripherals obtained from unfamiliar individuals or dubious sources, as they may contain malware designed to compromise your system. This includes USB drives distributed at conferences or exhibitions.
  3. Implement USB Device Controls: USB device controls can be implemented by creating a whitelist of authorised USB devices that are permitted to connect to organisational systems, while blocking all others. Permitted devices can be identified through their hardware ID. Additionally, for computers located in public spaces, organisations may wish to consider implementing USB port blockers to physically disable the USB ports to reduce the risk of malware being introduced.
  4. Exercise Discretion with AutoRun/AutoPlay Features: Exercise caution when enabling AutoRun or AutoPlay features, as these features can facilitate the automatic execution of programs from USB devices. Organisations may wish to consider disabling these features or configuring them to prompt for action, reducing the risk of unintended malware execution.
  5. Implement USBs with Write-Protection: Use USB drives with a hardware write-protection switch, and turn on write protection if you need to connect to an untrusted computer. This preserves the data integrity of the USB drive by preventing the writing or modification of data.
  6. Implement Endpoint Security Measures: Robust endpoint security solutions, including antivirus software, firewalls, and intrusion detection systems, should encompass both online and offline threat vectors to provide comprehensive protection.
  7. Keep Work and Personal USB Drives Separate: Do not connect personal USB drives to computers owned by your organisation or USB drives containing corporate information to your personal computer. This helps to prevent data mingling and reduces the chances of a malware infection spreading via USB drives.
  8. Implement Organisational Policies for Device Security: Organisations can implement and enforce organisational policies to ensure employees do not leave work devices unattended in public, or at conferences/exhibitions. Additionally, employees should also be made aware of the security risks that come with the usage of USB drives.
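
One way to audit connected devices against a hardware-ID allowlist as described in item 3, shown as an added example that is not part of the original advisory. It assumes Windows-style device instance IDs (USB\VID_xxxx&PID_xxxx\instance); the function names, allowlist layout and sample IDs are constructed for illustration.

```python
import re

# Assumed input format: USB\VID_xxxx&PID_xxxx[&MI_xx]\<instance>
ID_RE = re.compile(
    r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})(?:&[^\\]*)?\\(.+)$", re.I)

def parse_instance_id(raw):
    """Return (vid, pid, serial), or None if raw is not a USB device ID."""
    m = ID_RE.match(raw.strip())
    if not m:
        return None
    vid, pid, inst = (g.upper() for g in m.groups())
    # Assumption: an instance part containing '&' is system-generated,
    # meaning the device reported no serial number of its own.
    serial = None if "&" in inst else inst
    return vid, pid, serial

def audit(instance_ids, allowlist):
    """Split IDs into (allowed, blocked). Default deny: unparseable or
    unlisted devices are blocked. allowlist maps (VID, PID) to a set of
    permitted serials, or to None to permit any unit of that model."""
    allowed, blocked = [], []
    for raw in instance_ids:
        parsed = parse_instance_id(raw)
        ok = False
        if parsed and parsed[:2] in allowlist:
            serials = allowlist[parsed[:2]]
            # A serial-pinned entry never matches a device without a serial.
            ok = serials is None or parsed[2] in serials
        (allowed if ok else blocked).append(raw)
    return allowed, blocked

# Constructed sample data, not real inventory.
ALLOWLIST = {
    ("0781", "5583"): {"4C530001234567890123"},  # one issued drive, pinned
    ("046D", "C31C"): None,                      # keyboard model, any unit
}
SEEN = [
    r"USB\VID_0781&PID_5583\4C530001234567890123",  # issued drive
    r"usb\vid_0781&pid_5583\4C53000999999999999",   # same model, other unit
    r"USB\VID_046D&PID_C31C\5&2A1B3C4D&0&2",        # listed keyboard
    r"USB\VID_1234&PID_ABCD\0001",                  # unlisted device
]

if __name__ == "__main__":
    ok, denied = audit(SEEN, ALLOWLIST)
    print("allowed:", ok)
    print("blocked:", denied)
```

Pinning storage devices by serial matters because every unit of a given model shares the same vendor and product ID, so a model-level entry admits any drive of that model.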

The implementation of these measures can help protect your organisation from the malware threat posed by infected USB drives.
