InformationWeek highlights a new study showing that malware on USB sticks is wreaking havoc on information security. The new survey by the Ponemon Institute found:
In the past two years, 70% of businesses have traced the loss of sensitive or confidential information to USB flash memory sticks. While such losses can obviously occur when the devices get lost or stolen, 55% of those incidents are likely related to malware-infected devices that introduced malicious code onto corporate networks.
Most of the respondents do not have any form of endpoint security in place, or don’t enforce their own USB security policies. Cost may be an important factor as “75% of respondents said they wouldn’t pay a premium to ensure that USB drives are safe and secure.”
Setting aside the fact that this is short-sighted given the cost of a data breach, you don’t need to break the bank to secure your USB drives. The Kanguru Defender Basic features automatically enforced military-grade encryption, plus an onboard anti-virus scanner to prevent malicious code from entering your network. Best of all, it’s available at a mainstream price.
Data Security
You might not know the answer to that question until it’s too late. Unfortunately, the most common response to finding a USB drive is to plug it in. Virus-writers count on that response when they design the latest malware threats.
Network World discusses the way the Stuxnet worm has exploited this vulnerability.
Many companies have focused on the worm’s ability to spread via USB flash drives. Malicious programs spreading through such infected devices have become a major problem for corporations, because of employee curiosity. In penetration tests conducted by Leviathan Security, 8 out of 10 employees that found a USB drive plugged it into a computer. All of those workers then went on to open up a spreadsheet labeled “LayoffNotice.xls,” says Frank Heidt, CEO of Leviathan.
“You can tell your people, ‘Hey, don’t plug in USB sticks into your network,’ but that is antithetical to human nature,” Heidt says.
One way to combat this problem is to restrict unknown USB devices from your network and only allow devices with built-in antivirus protection. Kanguru includes integrated malware protection as a standard feature on all new secure flash drives. The network restrictions can be easily managed with Group Policy or one of the many Endpoint Security products now on the market.
Data Security, Malware, Portable Storage
Defense Systems has a great explanation of the Stuxnet worm that is targeting industrial machines and may have been an attack against Iran’s nuclear facilities. Kevin Coleman writes that the “Stuxnet worm was highly sophisticated - perhaps the most sophisticated attack that is known to the public thus far, leading some in the field to proclaim the piece of code the best malware ever.”
A commenter on the article asks why critical machines would be connected to the public internet and made vulnerable to such attacks. Dark Reading points out that even if the machines are isolated, they can be breached using USB sticks:
PLCs and control systems had been considered relatively insulated from the outside world and attack because they aren’t typically Internet-connected. But Stuxnet drove home the worst-kept secret that these systems still are connected to Windows or other machines that can get infected — in this case, by a USB stick — and therefore aren’t as protected as they had seemed.
An easy solution would be to use Endpoint Security or Group Policy to block USB sticks unless they have built-in anti-virus protection like the Kanguru Defender Elite.
Malware
A recent NY Times story on the Google - China confrontation mentions an increasingly common attack using USB flash drives to load malware.
Often, malware infections are a result of high-tech twists on old-fashioned cons. One scam, for example, involves small U.S.B. flash drives, left in a company parking lot, adorned with the company logo. Curious employees pick them up, put them in their computers and open what looks like an innocuous document. In fact, once run, it is software that collects passwords and other confidential information on a user’s computer and sends it to the attackers.
USB malware is a serious problem and Kanguru highly recommends using endpoint security to defend against these types of attacks. Portable flash drives may cause security concerns, but blocking them altogether can reduce worker productivity and cause major inconveniences. Endpoint security is an easy way to allow limited flash drive usage and still keep out unauthorized devices. That is why Kanguru has built USB Device Control directly into its Remote Management Console. Now organizations can remotely manage their secure devices and lock down all others from one integrated console.
Data Security, Malware, Portable Storage
Employees are willing to steal data from their employers and for the most part there is nothing being done to stop them. Two separate studies published this week show that insiders are walking off with customer lists, plans and proposals, and sensitive product information.
Dark Reading has more details:
Almost half of the respondents (48 percent) admitted if they were fired tomorrow they would take company information with them, Cyber-Ark says. Thirty-nine percent of people would download company/competitive information if they got wind that their job were at risk. A quarter of workers said the recession has made them feel less loyal toward their employers.
As we have noted before, much of the insider theft (42% in one survey) is committed with the help of USB flash drives. In response, Kanguru is developing management tools to give companies more control over their USB thumbdrive fleet. With KRMC, administrators currently have the power to remotely disable or delete employee flash drives when the individual is leaving the company. Next week Kanguru will be announcing a powerful new add-on module specifically designed to keep unauthorized flash drives out and prevent data leakage via USB devices.
Data Security, Portable Storage
London Evening Standard: A computer virus crippled a London council for weeks after a worker accidentally plugged an infected memory stick into a computer. The emergency recovery has cost £501,000 (~ $820,000) thus far.
Lib-Dem councillor Gary Malcolm, who is also an IT specialist, said: “I will be calling for heads to roll. Half a million pounds is a hell of a lot of money to throw away at a time the council says it is strapped for cash. If this had happened in a private company, people would be sacked.”
USB flash drives are a popular vehicle for delivering malware onto computer networks and the threat needs to be taken seriously. This incident is similar in nature to last week’s mysterious laptops that the FBI is now investigating.
Defender Elite, the next generation secure drive from Kanguru, will feature onboard anti-virus scanning to prevent malware from getting anywhere near your USB ports.
Data Security, Government, Malware, Portable Storage
Via ComputerWorld, the FBI is investigating mysterious laptops that were sent to several US Governors’ offices. It seems nobody ordered the computers, and officials are concerned that this might be an attempt to get malware inside the network security perimeter.
USB flash drives and memory cards are also useful for this type of attack because of the natural inclination to plug them in after finding them.
Criminals have tried to put malware on USB devices and then left them outside company offices, hoping someone would plug them into a computer and inadvertently install malicious software on the network. Many Windows systems are configured to automatically run software included on CDs and USB devices using a Windows feature called AutoRun.
The key to preventing these attacks is to have automated USB security policies in place. Users should be restricted to only company-issued devices that have built-in hardware security features. All other devices should be blocked from company networks using group policy or endpoint security, which can be implemented with Kanguru Remote Management Console.
Data Security, Malware, Portable Storage
Kanguru’s newly enhanced Administrator Tool is a stand-alone control panel that allows IT Administrators to customize the settings and policies on Kanguru Defender, Defender Elite and Bio AES encrypted flash drives. The Administrator tool can be used to configure and provision drives or program them to be remotely managed with KRMC.
Configurable options include:
- Password strength and policies
- Master Password
- Number of Invalid Login Attempts before Lockout or Device Deletion
- Password reset options
- IP Range restrictions (Limit access only to approved workstations)
- Setting up secure communication with KRMC
The full press release is available here (PDF).
The proliferation of flash drives in today’s business environment is difficult for IT Administrators to get a handle on. Kanguru Administrator Tool is the first step in taking control of security policies for portable devices.
Data Security, Portable Storage
One of the standard responses to mobile device security risks is to lock down all USB ports on the network and create a white-list of approved devices. Most third-party Endpoint Security solutions will enforce policies based on the flash drive brand and model (e.g. allow this model, but block all others). Kanguru encrypted flash drives can be customized with Unique IDs to offer an additional level of granularity and accountability.
Upon request, Kanguru can burn a unique electronic Device ID on each flash drive. Now employees can be tied to a specific device and usage will be tracked and audited. In addition, security policies can be customized for each individual drive. Administrators will quickly be alerted if an employee attempts to use a device that is not assigned to them, even if it is the same make and model as the approved drive. The Device ID can also be engraved on the outside of the device for quick identification.
Unique IDs are available on Kanguru Defender, Defender Pro and Bio AES flash drives by request.
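The difference between a brand/model white-list and a per-device ID check, as an added example (not Kanguru's code or that of any endpoint security product). The vendor/product IDs, device IDs and user names are constructed placeholders, and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UsbDevice:
    vendor_id: str   # USB idVendor as hex text
    product_id: str  # USB idProduct as hex text
    device_id: str   # per-device ID (serial number or vendor-burned unique ID)

# Constructed sample policy: every value below is a placeholder, not a real ID.
APPROVED_MODELS = {("abcd", "0001")}
ASSIGNED_TO = {"DEV-0001": "alice", "DEV-0002": "bob"}

def check_model_only(dev: UsbDevice) -> str:
    """Brand/model white-list: any unit of an approved model is accepted."""
    model = (dev.vendor_id.strip().lower(), dev.product_id.strip().lower())
    return "allow" if model in APPROVED_MODELS else "block"

def check_with_device_id(dev: UsbDevice, user: str) -> tuple[str, str]:
    """Model white-list plus per-device assignment. Returns (decision, reason)."""
    if check_model_only(dev) == "block":
        return "block", "model not on white-list"
    dev_id = dev.device_id.strip().upper()
    if not dev_id:
        # Some devices report no serial at all; treat that as an unknown device.
        return "block", "approved model but no device ID reported"
    owner = ASSIGNED_TO.get(dev_id)
    if owner is None:
        return "block", "approved model but device ID not registered"
    if owner != user:
        # Assumption: policy denies the mount and alerts the administrator.
        return "alert", f"device {dev_id} is assigned to {owner}, not {user}"
    return "allow", f"device {dev_id} assigned to {user}"

def audit(events):
    """events: iterable of (user, UsbDevice). Returns one audit row per plug-in."""
    return [(user, dev.device_id, *check_with_device_id(dev, user))
            for user, dev in events]

if __name__ == "__main__":
    events = [  # constructed plug-in events
        ("alice", UsbDevice("ABCD", "0001", "dev-0001")),   # her own drive
        ("bob",   UsbDevice("abcd", "0001", "DEV-0001")),   # alice's drive
        ("bob",   UsbDevice("abcd", "0001", "DEV-9999")),   # same model, unknown unit
        ("alice", UsbDevice("1234", "5678", "X1")),         # unapproved model
    ]
    for row in audit(events):
        print(row)
```

The third event is the case a model-only policy misses: `check_model_only` allows it, while the per-device check blocks it.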
Data Security, Portable Storage
A new article at Search Security, “How to secure USB thumb drives”, mentions the Kanguru Remote Management Console as a way for businesses to get a handle on their thumb drive fleets. As the article notes, even small businesses need to consider the implications of portable devices holding massive amounts of company data. Most states have breach notification laws that apply to businesses of all sizes.
Kanguru Remote Management is compatible with the Kanguru Bio AES and Defender series flash drives.
Data Security, Portable Storage