There’s nothing more intriguing than finding a random USB drive while cleaning up your office or while out and about. You might feel the urge to plug it in and discover its contents, but we are here to tell you that this is often a bad idea—particularly if the drive is unfamiliar to you. Unlike cloud storage, which is quite transparent, you don’t know what’s on a USB drive until you plug it in, and it’s often too late by the time this happens.
USB drives are preferred by hackers when they need a way to infect computers without using the Internet. They can distribute malware to a network using their plug-and-play compatibility, making any endpoint a viable entry point for their threats. One of the biggest and most notable examples is the Stuxnet worm, a threat that targeted Windows 2000 through Windows 7. While there is no official proof of it, it is thought to be the threat that brought down about 20 percent of Iran’s nuclear centrifuges, primarily due to the fact that these systems were offline and because it is easily distributed through a USB drive.
Of course, there are plenty of other examples to call upon, some of which allow for remote access, keyloggers, or credential theft. Some can even lock down infrastructures and encrypt all of their contents through ransomware. USB drives can also become infected if they are plugged into infected systems, allowing unsuspecting employees to cause even more damage and spread the threats elsewhere.
Another dangerous USB threat is the “USB killer,” a device that can actually damage the hardware itself. A USB killer discharges power into the connected device to damage it. They can cause irreparable damage that requires maintenance or replacement. It’s not malware, but it doesn’t always have to be to do damage to your infrastructure and productivity.
The best way to keep these threats from damaging your infrastructure is to take two different approaches to cybersecurity.
First, you need to be aware that these threats exist and could be problematic for your business. Just knowing that they exist, however, is not always enough. It’s what you do with that information that matters more.
Second, you should be prepared to use this knowledge and teach your employees how to appropriately respond to these devices. In short, they need to know that they shouldn’t be plugging in unknown USB drives if they find them in odd places or receive them in the mail. They should always follow up with your IT resource.
TechNet Task Group and its technicians know what to do about cybersecurity threats that target your business, and we can help you address them in an appropriate way. Whether it’s a USB drive or other type of threat, you can rest assured that we can help you identify them and address them. We can also remotely monitor your systems for oddities that might be problematic.
To get started, contact us at (716) 685-1181.