There is a saying [actually, there are lots of variations of the saying]: “Nothing comes free.” In my experience, that [and the variations] has proven to be very true. Sometimes the “free” item ended up requiring me to buy something else for it to continue to work, or the “free” thing was very salty snacks at a bar that require you to buy drinks (no doubt priced to cover the cost of the salty snacks) to satiate the thirst created by eating all the “free” salty snacks. What I’m saying is, the actual payment for the “free” item may not be obvious (like a BOGO deal): it may be to entice you to do something else, it might be given at the cost of your time [think a timeshare free weekend deal], or, in the case of this month’s topic, it may be a malicious attempt to infect your computer, either to gain access to your information or to extort money from us for control of our data [think ransomware].
While I call out the USB drive, it is actually ALL removable media, like USB drives, CDs/DVDs, SD cards, and floppy disks [if you have any of the latter still in use, we need to talk about updating your system]. You may not be fully aware of the cyber security threats that are present with removable media. Removable media items can be very risky and are a great attack vector for a bad actor. Preying on our desire for something for nothing, they are more than happy to load a drive with viruses or malware, then drop it somewhere someone will find it and let curiosity [and the “win” of scoring a freebie] take over. It is important to know that, depending on the level of support, sophistication, and state of security of the removable media’s creator, those devices could (and have) come from the factory with malware, keylogging software, keyboard spoofing code, or hardware destruction code (intentionally put there by an insider at the factory), come from the cyber group making them for their specific drop attack, or even come from those with no malicious intent who simply did not know they had a virus on their system that was copying itself to all removable media they created. (The ADA had an incident like this in 2016 that was reported; many more happen that don’t get reported.)
My goal is not to have you take all removable media and burn it, but I do want you to be more cognizant of removable media and take steps to protect yourself. Ideally, you would have a stand-alone system with AV/Malware scanning that you connect your untested removable media to and scan. But, lacking that, these are the steps you should take to mitigate a potential threat in the event you find or are given a removable media drive:
- DO NOT plug in the removable media and then turn on your computer – When a computer starts up, there is a good chance it will try to load and start from the removable media and execute any virus that might be on the drive.
- Turn off the Autorun/AutoPlay feature on your computer – this will stop the computer from automatically scanning the newly inserted removable media and automatically executing whatever is on it, in an effort to “help you”.
  - How: Press the Windows key and type autorun, click “AutoPlay”, set it to off, and set the defaults to “Take no action”.
- Once you have plugged in the drive, open Explorer and navigate to “This PC”.
- Right-click the removable media drive you plugged in and select “Scan with Microsoft Defender” or whatever your AV tool is [McAfee, Norton, Bitdefender, etc.]. You might have to click “Show more options” first.
- Review the scan results.
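The same steps can be scripted. The following PowerShell is an added example, not part of the original newsletter; it assumes Windows 10/11 with Microsoft Defender as the active AV, and it only turns off AutoPlay for the current user before scanning every removable drive that has a drive letter.

```powershell
# Added example (not from the newsletter). Assumes Microsoft Defender is the active AV.

# Step 1: turn AutoPlay off for the current user. DisableAutoplay = 1 is the
# registry value behind the "Use AutoPlay for all media and devices" switch.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name DisableAutoplay -Value 1 -Type DWord

# Step 2: find removable volumes that Windows has mounted with a drive letter.
$drives = Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }

if (-not $drives) {
    Write-Warning 'No removable drive with a drive letter was found.'
}
else {
    foreach ($d in $drives) {
        $root = "$($d.DriveLetter):\"
        Write-Host "Scanning $root (label: '$($d.FileSystemLabel)') ..."

        # Step 3: custom Defender scan limited to the removable drive.
        Start-MpScan -ScanType CustomScan -ScanPath $root

        # Step 4: review the results. Defender records the affected paths in
        # Resources; older detections on the same drive letter are listed too.
        $hits = Get-MpThreatDetection |
            Where-Object { $_.Resources -like "*$root*" }

        if ($hits) {
            Write-Warning "Defender reported detections on $root. Do not open any files."
            $hits | Select-Object ThreatID, InitialDetectionTime, Resources | Format-List
        }
        else {
            Write-Host "No Defender detections recorded for $root."
        }
    }
}
```

A clean result only covers files Defender could read on the drive; it says nothing about devices carrying the keyboard spoofing or hardware destruction code mentioned above.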
Bottom line, please remember two things:
- Currently, 25% of malware is spread by removable media devices. They are potentially hazardous and should be treated as if they contain malware, whether or not they are actually infected. (https://www.darkreading.com/vulnerabilities-threats/25-of-malware-spread-via-usb-drives)
- As a government contractor, we are targets for bad actors. Be VERY, VERY wary of any removable media device you “happen to find” (this is called a drop attack: leaving a drive where the attacker knows their target will find it); it could be an attempt at cyber espionage. https://strikesource.com/2023/07/18/usb-drives-a-cyberspys-best-friend/
Newsletter by Rob Collings, ISHPI’s VP of Cybersecurity
June 4, 2024