Security Best Practices for Preventing USB Attacks
A cybercrime group has been mailing companies USB devices laced with malware–and with accompanying messages suggesting the thumb drives contained COVID information or that they were a free gift from Amazon.
The goal of these scams is for users to insert the device into their computer, allowing it to install malware onto the targeted computer. If you’d like to learn more, be sure to check out our podcast on this topic: SOC Talk: Malware on USB.
FAQs–and answers–about how to prevent USB attacks
This may seem to be an easy enough scam to avoid. After all, you simply have to avoid inserting dubious devices into your computer, right?
Not so fast. These scammers are becoming increasingly clever in their efforts; avoiding their schemes may not be so easily accomplished.
What if I get a USB drive in the mail that looks important? How can I verify that it is legitimate?
- Always check with the organization or company it claims to come from, and not through any website listed in the accompanying materials. Look the company up yourself and call its customer service line to check. If they cannot verify it, do not trust it.
- If you receive one at work, notify the IT department before inserting it into any work device. You could be one of many people who received the USB, so they’ll want to investigate and potentially perform a forensic analysis. It could end up not being malicious at all, but it’s better to be safe than sorry.
Help! I inserted the thumb drive and now I have malware! What do I do now?
- Disconnect your device from the network and power it down immediately!
- Contact your IT department. Don’t try to fix it or be too embarrassed to contact them. This can happen to anyone, and it’s important that they are notified ASAP. It not only lets them take necessary steps to contain this incident, but it also helps them prevent other targets from using the infected devices, too.
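The forensic analysis and containment steps mentioned in the two answers above usually start with one question: which machines has the suspect drive been plugged into? The following PowerShell is an added example, not code from the original post or from Hurricane Labs. It reads the USBSTOR registry hive, where Windows records every USB storage device it has enumerated (the instance key name carries the serial number the drive reported), and optionally pulls recent Plug and Play configuration events. The event log name and IDs are assumed from typical Windows 10/11 builds, the serial number in the usage lines is a constructed placeholder, and the script is read-only; run it from an elevated session on each host IT wants to check.

```powershell
# Added example (not from the original post): triage a Windows host for USB
# storage devices it has seen. Read-only; elevated PowerShell recommended.

function Get-UsbStorageHistory {
    # HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR keeps one subkey per device
    # model and, beneath it, one subkey per device instance. The instance key
    # name is "<serial>&<port>", so the serial is the part before the first '&'.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    if (-not (Test-Path $root)) { return @() }
    Get-ChildItem $root | ForEach-Object {
        $model = $_.PSChildName
        Get-ChildItem $_.PSPath | ForEach-Object {
            $props = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Computer     = $env:COMPUTERNAME
                Model        = $model
                Serial       = ($_.PSChildName -split '&')[0]
                FriendlyName = $props.FriendlyName
            }
        }
    }
}

function Get-UsbPnpEvents {
    # Assumption: the Kernel-PnP Configuration log records ID 400 (device
    # configured) and 410 (device started); messages name the device path,
    # so filtering on USBSTOR isolates mass-storage insertions with timestamps.
    param([int]$Days = 30)
    $filter = @{
        LogName   = 'Microsoft-Windows-Kernel-PnP/Configuration'
        Id        = 400, 410
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'USBSTOR' } |
        Select-Object TimeCreated, Id, Message
}

function Test-UsbSerialSeen {
    # Report whether a specific drive (by serial) has ever been enumerated here.
    param([Parameter(Mandatory)][string]$Serial)
    $hits = @(Get-UsbStorageHistory | Where-Object { $_.Serial -like "*$Serial*" })
    if ($hits.Count -gt 0) {
        Write-Output "MATCH on $env:COMPUTERNAME: $($hits.Count) USBSTOR entries for serial $Serial"
        $hits
    } else {
        Write-Output "No USBSTOR entry for serial $Serial on $env:COMPUTERNAME"
    }
}

# Usage. The serial below is a constructed placeholder for the suspect drive.
Get-UsbStorageHistory | Format-Table -AutoSize
Get-UsbPnpEvents -Days 30 | Format-Table -AutoSize
Test-UsbSerialSeen -Serial 'EXAMPLE-SERIAL-0000'
```

Running `Test-UsbSerialSeen` across the fleet (for example through a remote-management tool) turns "someone plugged it in" into a list of affected hosts, which is what the containment step needs. The USBSTOR entries persist after the drive is removed, so a match on a host that was never reported is itself a finding worth following up.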
How do I draft a security policy for USB devices?
When drafting your company’s security policy, you want to consider the following points:
- Have a data backup plan so that devices can be wiped and data can be restored. In addition to providing a game plan of what needs to take place in the event of an incident, having a documented backup plan also makes it more likely employees will report incidents earlier–because they won’t fear losing their data.
- Educate employees on not plugging in random devices and make it part of security awareness. Regular security training is critical.
- You can write into your policy that critical infrastructure may not have unapproved USB drives inserted, or that only certain people have the authority to do so.
- Require USB devices to be encrypted. This makes any data on a lost or stolen drive far less useful to anyone else, and harder for malware to locate.
- Require anti-virus software on all endpoints.
- Disable AutoRun/AutoPlay so that malware on a drive cannot launch automatically when the drive is inserted.
- Encourage use of file sharing services such as Dropbox and Google Drive instead of passing files around on physical media.
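Several of the policy points above (restricting unapproved drives on critical hosts, requiring encryption, disabling AutoRun) map directly onto Windows endpoint settings. The PowerShell below is an added example, not code from the original post or from Hurricane Labs: it audits and, if asked, applies the registry values that the corresponding Group Policy settings write ("Turn off AutoPlay", "Set the default behavior for AutoRun", BitLocker's "Deny write access to removable drives not protected by BitLocker", and "Removable Disks: Deny all access"). The paths and values are the documented policy locations; in a domain you would deploy them through Group Policy rather than a script, and `-BlockRemovableDisks` is opt-in because it cuts off every removable disk on the host it runs on. Requires an elevated session.

```powershell
# Added example (not from the original post): audit and apply endpoint
# settings for a USB device policy. Run elevated; prefer Group Policy at scale.

function Get-UsbPolicySettings {
    param([switch]$BlockRemovableDisks)
    $explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $settings = @(
        # 0xFF disables AutoPlay for every drive type, including removable media.
        @{ Path = $explorer; Name = 'NoDriveTypeAutoRun'; Value = 0xFF; Why = 'AutoPlay off for all drive types' }
        # Never execute autorun.inf commands.
        @{ Path = $explorer; Name = 'NoAutorun'; Value = 1; Why = 'Ignore autorun.inf commands' }
        # Writes are only allowed to removable drives protected by BitLocker To Go,
        # which enforces the "devices must be encrypted" policy point.
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'; Name = 'RDVDenyWriteAccess'; Value = 1; Why = 'Write only to BitLocker-encrypted removable drives' }
    )
    if ($BlockRemovableDisks) {
        # Device-class GUID for "Removable Disks"; Deny_All blocks read and write.
        # Intended for the critical-infrastructure hosts the policy singles out.
        $settings += @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
                        Name = 'Deny_All'; Value = 1; Why = 'No removable disk access on this host' }
    }
    $settings
}

function Test-UsbPolicy {
    # Compare each expected value with what is actually in the registry.
    param([switch]$BlockRemovableDisks)
    foreach ($s in (Get-UsbPolicySettings -BlockRemovableDisks:$BlockRemovableDisks)) {
        $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        [pscustomobject]@{
            Setting   = $s.Name
            Expected  = $s.Value
            Actual    = $actual
            Compliant = ($actual -eq $s.Value)
            Purpose   = $s.Why
        }
    }
}

function Set-UsbPolicy {
    # Write each setting as a DWORD, creating the policy key if it is missing.
    param([switch]$BlockRemovableDisks)
    foreach ($s in (Get-UsbPolicySettings -BlockRemovableDisks:$BlockRemovableDisks)) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -PropertyType DWord -Force | Out-Null
    }
}

# Usage: audit first, apply, then audit again to confirm.
Test-UsbPolicy | Format-Table -AutoSize
# Set-UsbPolicy                        # AutoRun off + BitLocker-only writes
# Set-UsbPolicy -BlockRemovableDisks   # additionally deny all removable disks
# Test-UsbPolicy -BlockRemovableDisks | Format-Table -AutoSize
```

The audit function is the part worth running regularly: a host where `Compliant` flips to `False` has had its policy changed locally, which is an early signal that the written policy and the real configuration have drifted apart. Some of these settings take effect only after Explorer restarts or the device is re-enumerated, so confirm on a test machine before rolling out.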
More information on USB devices and security can be found at CISA. Cybercriminals are constantly adapting and changing tactics, so staying up to date on security best practices is an important part of your security stance.
To help with that, sign up for our newsletter–we’ll keep you updated on our latest content and events to help keep you informed.
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.