Taking his usual route home, John catches a glimpse of a shiny object. He stops and picks up the USB stick. Perhaps he is thinking that he can find the owner and return it. He gets home and plugs it in. Unaware, he just infected his computer with malware.
A Dangerous Liaison
USB sticks appear as convenient small devices. The purpose of these devices is to store data. The perfect undercover to release malware. Once plugged into the computer, the Windows OS is configured to launch the device. It trusts that the device is clean and will automatically run the infected program.
A Good Deed?
In a recent study conducted by the University of Illinois, 297 USB sticks were dropped around the campus. Of these devices, 98% were moved from their original location and 68% were plugged in with no security precautions.
Most people who picked up the USB sticks were trying to identify the owner so they could return it. What in essence could be deemed a good deed could have resulted in an infected computer. The type of malware on the USB stick is left to the hacker’s imagination.
A Cyber Attack Released by USB Keys
Who would have thought that the convenience of USB sticks could be so handy in transmitting malware? In June 2012, The New York Times did a story on President Obama ordering the increase of cyber attacks to undermine Iran’s nuclear program. The United States and Israel worked together to develop the Stuxnet worm. This worm is typically transported via an infected USB stick.
These USB sticks were critical to spreading the virus. The United States and Israel relied on engineers, maintenance workers and others who had physical access to the plant. It worked.
To activate the worm, a certain set of criteria needed to be in place. Once activated, variants of the worm were released. The timing of the attacks varied and each attack was different.
There are some measures that can put in place to protect a computer from getting infected by a USB key.
- Ensure that a reliable antivirus software is running on the computer.
- Install anti-malware on the USB stick. It will protect the device when used on another computer.
- Turn off Auto-Play in Windows 10. This prevents the Windows OS from automatically launching the device.
Not only is this a security matter but a privacy issue, encrypt the files! If the USB stick contains files from work, it is important to encrypt the files so sensitive information is not released. Even if they are files from home, it is much safer to encrypt the files in case the device is lost. The files could contain personal information and encryption will keep the personal information private.
USB sticks are great to transport files but also great at transporting malware. Before inserting a USB stick into a computer, use some precautionary measures to prevent getting infected. Taking a few minutes to scan the device is not long compared to the time it would take to deal with an infected computer.