ISHPI

Thanks for The Free USB Drive!
ISHPI CyberBytes Newsletter Vol. 2 Issue 4

There is a saying [actually, there are lots of variations of the saying]: “Nothing comes free”. In my experience, that [and the variations] has proven to be very true. Sometimes the “free” item ended up requiring me to buy something else for it to continue to work, or the “free” thing was very salty snacks at a bar that require you to buy drinks (no doubt priced to cover the cost of the salty snacks 😉) to satiate the thirst created by eating all the “free” salty snacks. What I’m saying is, the actual payment for the “free” item may not be obvious (like a BOGO deal), it may be to entice you to do something else, it might be given at the cost of your time [think a timeshare free weekend deal], or, in the case of this month’s topic, it may be a malicious attempt to infect your computer to gain access to your information or to extort money from us for control of our data [think ransomware].
While I call out the USB drive, it is actually ALL removable media, like USB drives, CDs/DVDs, SD cards, and floppy disks [if you have any of the latter still in use, we need to talk about updating your system]. You see, you may not be fully aware of the cyber security threats that are present with removable media. Removable media items can be very risky and are a great attack vector for a bad actor. Preying on our desire for something for nothing, they are more than happy to load a drive with viruses or malware, drop it somewhere someone will find it, and let curiosity [and the “win” of scoring a freebie] take over. It is important to know that, depending on the level of support, sophistication, and state of security of the removable media’s creator, those devices could (and have) come from the factory with malware, keylogging software, keyboard spoofing code, or hardware destruction code (intentionally put there by an insider at the factory), or come from the cyber group making them for their specific drop attack, or even come from those with no malicious intent who just did not know they had a virus on their system that was copying itself to all removable media they created (the ADA had an incident like this in 2016 that was reported; many more happen that don’t get reported).

My goal is not to have you take all removable media and burn it, but I do want you to be more cognizant of removable media and take steps to protect yourself. Ideally, you would have a stand-alone system with AV/Malware scanning that you connect your untested removable media to and scan. But, lacking that, these are the steps you should take to mitigate a potential threat in the event you find or are given a removable media drive:

  1. DO NOT plug in the removable media and then turn on your computer – When a computer starts up, there is a good chance it will try to load and start from the removable media and execute any virus that might be on the drive.
  2. Turn off the Autorun/AutoPlay feature on your computer – this will stop the computer from automatically scanning the newly inserted removable media and automatically executing whatever is on it, in an effort to “help you”.
    • How: Press the Windows key and type autorun, click “AutoPlay”, set it to off, and set the defaults to “Take no action”.
  3. Once you have plugged in the drive, open Explorer and navigate to “This PC”.
    • Right-click the removable media drive you plugged in and select “Scan with Microsoft Defender” or whatever your AV tool is [McAfee, Norton, Bitdefender, etc.…]. You might have to click “Show more options” first.
    • Review the scan results.
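
Steps 2 and 3 above can also be scripted. The following PowerShell is an added example, not part of the original newsletter; it assumes Windows 10/11 with Microsoft Defender as the active AV and uses the standard per-user AutoPlay registry values.

```powershell
# Added example (not from the newsletter): steps 2 and 3 as a script.
# Assumes Windows 10/11 with Microsoft Defender; run it before opening any file on the drive.

# Step 2: turn AutoPlay off for the current user.
# DisableAutoplay = 1 matches clearing "Use AutoPlay for all media and devices".
$handlers = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
if (-not (Test-Path $handlers)) { New-Item -Path $handlers -Force | Out-Null }
Set-ItemProperty -Path $handlers -Name 'DisableAutoplay' -Value 1 -Type DWord

# NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# Step 3: find removable volumes that have a drive letter and scan each one.
$drives = Get-Volume | Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter }
if (-not $drives) {
    Write-Host 'No removable drive with a drive letter found.'
    return
}

foreach ($d in $drives) {
    $root = "$($d.DriveLetter):\"
    Write-Host "Scanning $root with Microsoft Defender..."
    Start-MpScan -ScanType CustomScan -ScanPath $root

    # Review the results: keep detections whose resource paths are on this drive.
    $hits = Get-MpThreatDetection |
        Where-Object { $_.Resources -match [regex]::Escape($root) }
    if ($hits) {
        $hits | Select-Object InitialDetectionTime, ThreatID, Resources | Format-List
        Write-Warning "Defender reported detections on $root. Do not open files from it."
    } else {
        Write-Host "Defender reported no detections on $root."
    }
}
```

A clean result covers the files on the drive only; it does not detect devices carrying the keyboard spoofing or hardware destruction code mentioned above.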

Bottom line, please remember two things:

  1. Currently, 25% of malware is spread by removable media devices. They are potentially hazardous and should be treated as if they contain malware, whether or not they are actually infected. (https://www.darkreading.com/vulnerabilities-threats/25-of-malware-spread-via-usb-drives)
  2. As a government contractor, we are targets for bad actors. Be VERY, VERY wary of any removable media device you “happen to find” (it is called a drop attack: leaving a drive where the attacker knows their target will find it); it could be an attempt at cyber espionage. (https://strikesource.com/2023/07/18/usb-drives-a-cyberspys-best-friend/)

Newsletter by Rob Collings, ISHPI’s VP of Cybersecurity

June 4, 2024
