It’s like the tale of Pandora’s box. Infected USB sticks are finding their way into people’s mailboxes—and curiosity is making them look inside.
The Australian Police Force is being flooded with phone calls from residents of the Melbourne suburb of Pakenham. Upon connecting the infected USB sticks to their computers, they’ve been assailed with extremely harmful malware.
USBs Are Like Presents
Part of me understands why they did it, too. These days, USB sticks contain so much data that getting one can be like getting a Christmas present or a surprise gift. A single USB in the mailbox could be a friend delivering a TV series or some vital work documents. They can also be from companies offering free trials or special software offers.
In this case, some of the infected USB sticks did just that. They masqueraded as fraudulent media streaming service offers to lower people’s defenses, playing on the basic human love of unwrapping and getting free things.
Of course, for those who understand the risk of malware and ransomware, the words ‘unmarked USB stick’ can make your stomach knot. The more you learn about malware, the more you realise how far criminals will go to infect your computer. Making hundreds of infected USB sticks to drop in mailboxes is not beyond the realm of possibility, and of course, that’s exactly what has happened.
Nearly Half of People Would Open Infected USB Sticks
There’s that old saying that common sense isn’t common, and when it comes to IT security, it’s even less so. A study conducted by researchers from the University of Illinois, the University of Michigan, and Google revealed nearly half of people wouldn’t just plug a USB stick they found on the ground into their PCs; they’d also open files and click on unfamiliar links.
Feel that stomach knotting now? I know I do. And up to half of people includes employees of your business. When a strange USB stick is delivered to your office, there’s almost a 50/50 chance that whoever receives it will just plug it in and start clicking on links.
Infected USB Sticks Take Down Governments
The funny thing is, even though infected USB sticks have been around for ages, everyone falls for them, even governments. In 2010 (six years ago now!) Iran’s nuclear facility was utterly demolished by the Stuxnet sabotage malware, delivered via USB stick. It destroyed their uranium enrichment centrifuges and put them out of operation.
And the trick still works. Last month, a Hong Kong-based company started selling a USB stick called USB Kill v2 that fries any computer it’s plugged into. Even air-gapped computers—machines physically removed from networks for data safety—can be undermined by infected USB sticks.
Idiot-Proofing Your Machines and Servers
Let’s face it; training your colleagues, staff, or anyone in best IT security practices is always an uphill battle. You never know if the protocol is going to stick in their heads, or if they’re just going to ignore it and plug infected USB sticks into the company computers anyway. You’ll only know for sure once they do it, and by then, it’s too late.
Anti-virus is going to do very little to stop this sort of USB intrusion, and on top of that, it works on a signature-based recognition method that is always playing catch-up with hackers.
Rather than rely on people not being obtuse or the anti-virus being on the ball, you’re better off proactively protecting your company’s data. Make regular backups of servers and workstations: keep three backups on two different media, with one of them off-site. This is called a 3-2-1 backup strategy.
With this sort of strategy in place, even if employees plug in infected USB sticks with the worst sort of malware on them, a bare-metal recovery will return things to normal.