Why Is a Thumb Drive Vulnerable?
Thumb drive, flash drive, memory stick, pen drive, and USB drive all refer to the same object. The data stick is everyone’s favorite gadget in the emerging IT environment. It is stylish, compact, and convenient. However, it can bring viruses and malware from other infected systems to yours. Some people are cautious enough to scan the drive as soon as it is plugged in, and if the scan results are clean, we rest assured that all is well. Is that the reality too? Let us see.
Firmware controls the basic functions of a thumb drive and helps it connect to other gadgets, including your PC. Even after you format the entire content of the USB thumb drive, malware can still reside on the controller chip that lets it communicate with the PC. Thumb drive malware can be used to freeze your PC and pilfer all the information.
Top 5 Thumb Drive Risks We Ignore
Here is a list of the top security risks that any standard thumb drive carries and that we innocently ignore.
The Size Issue
On the one hand, the compact size of thumb drives is amazingly convenient; on the other hand, it is the reason the drives are so easily misplaced.
A survey conducted in New York and London among taxi drivers found that 12500+ handheld devices were left behind in taxis by people in a hurry. Furthermore, 2000000+ thumb drives were misplaced all across the globe in 2007 alone.
A thumb drive that is misplaced, whether for a few minutes or altogether, puts the obligations and reputation of an organization at risk.
Zero Inbuilt Security
Handy, compact thumb drives do not have any inbuilt security feature. There is no default password protection or default encryption to keep official data safe and secure.
Usually, the data on the thumb drive is not encrypted. Personal information on a misplaced thumb drive can lead to identity theft. Cyber criminals can easily program a USB device to function as a data theft device and rob all the information they need.
While you get the handy speed of plug and play with a thumb drive, so do the hackers. A few seconds is all it takes to upload malware onto your thumb drive. Even if the drive is out of your sight for a few seconds, it can be compromised and programmed to steal all your information.
There is no reset function in a thumb drive. Thus, when you delete data, it is simply hidden in the FAT file system rather than erased. Using a data recovery program, all the data that has been deleted from the thumb drive can be retrieved and misused. It is as vulnerable as sensitive data written on a plain white sheet on your desk. The impact of the data theft depends upon the kind of information that had been stored on the thumb drive. Loss of sensitive company information via a thumb drive can lead to loss of reputation.
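To make the point about deleted data concrete, here is an added example (not part of the original article) that parses FAT 8.3 directory entries and reports the ones still describing deleted files, the kind of check you would run before reusing or disposing of a drive. A FAT delete marks the entry by overwriting the first name byte with 0xE5 and leaves the file's data blocks unwiped; the function names and the sample directory are constructed for illustration, and long-file-name entries are skipped for brevity.

```python
import struct

ENTRY_SIZE = 32      # size of one FAT directory entry
DELETED = 0xE5       # first name byte after a file is deleted
END_OF_DIR = 0x00    # first name byte of the first never-used entry
ATTR_LFN = 0x0F      # long-file-name helper entry, skipped here

def make_entry(name, ext, first_cluster, size, deleted=False):
    """Build one constructed 32-byte FAT 8.3 directory entry."""
    raw = bytearray(ENTRY_SIZE)
    raw[0:11] = (name.ljust(8) + ext.ljust(3)).encode("ascii")
    raw[11] = 0x20                                           # archive attribute
    struct.pack_into("<H", raw, 20, first_cluster >> 16)     # cluster, high word
    struct.pack_into("<H", raw, 26, first_cluster & 0xFFFF)  # cluster, low word
    struct.pack_into("<I", raw, 28, size)                    # file size in bytes
    if deleted:
        raw[0] = DELETED   # simplified: only the marker byte changes in this sample
    return bytes(raw)

def list_entries(directory):
    """Return (name, deleted, first_cluster, size) for each short entry."""
    found = []
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        e = directory[off:off + ENTRY_SIZE]
        if e[0] == END_OF_DIR:
            break                       # nothing after this was ever used
        if e[11] & 0x3F == ATTR_LFN:
            continue                    # long-name fragment, not a file entry
        deleted = e[0] == DELETED
        stem = e[0:8].decode("latin-1")
        if deleted:
            stem = "?" + stem[1:]       # the first character was overwritten
        ext = e[8:11].decode("latin-1").rstrip()
        name = stem.rstrip() + ("." + ext if ext else "")
        hi, lo = struct.unpack_from("<H", e, 20)[0], struct.unpack_from("<H", e, 26)[0]
        size = struct.unpack_from("<I", e, 28)[0]
        found.append((name, deleted, (hi << 16) | lo, size))
    return found

def residual_files(directory):
    """Entries that still describe deleted files: the drive is not sanitized."""
    return [e for e in list_entries(directory) if e[1]]

# Constructed sample directory: one live file, one deleted file, end marker.
SAMPLE_DIR = (make_entry("README", "TXT", 3, 120)
              + make_entry("PAYROLL", "XLS", 5, 48213, deleted=True)
              + bytes(ENTRY_SIZE))
```

A non-empty result from `residual_files` means file names, sizes and starting clusters of deleted files are still readable, so the drive needs a full overwrite or encryption from first use before it leaves your control.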
List of Thumb Drive Security Risks
Malware carried on a thumb drive can do crazy and unimaginable things when it enters the enterprise zone. Such programs, famously known as weaponized malware, are designed to hijack your computer, network, and server. Known security threats that infect thumb drives include:
- Backdoor: Gives a third party access to the system without any need for the authentication process.
- Browser Hijacker: Hijacks the browser to enable pop-up ads, steal and alter information, and redirect it to unwanted web sites.
- Exploit: Attacks the operating system’s vulnerabilities.
- Key Logger: Copies the keystrokes of a system and sends the information to the hacker.
- Rootkit: Modifies a system by gaining root control.
- Spyware: Collects, packs and sends all information, including passwords and safety information, from a computer to an unauthorized user.
- Trojan: Bad software that presents itself as genuine software.
- Virus: Enters without the permission of the user and replicates itself on the system, usually to take over.
Top and Famous Thumb Drive Malware to Beware of
- Stuxnet: Stuxnet is the first malware of its kind, designed to hack programmable logic controllers (PLCs). It works as a combination of worm, link file and rootkit to target Windows systems. It was programmed to sabotage the Iranian plants for nuclear assets. This malware has a valid digital signature and infects Windows systems. Even 7 years after its inception, it is still a mystery.
- DUQU: Written by the same author who designed Stuxnet, this malware also exploits a zero-day vulnerability of the Windows system. The malware steals information from the system by copying its keystrokes. It also steals the system information and is capable of attacking.
- Flame: Flame is the most complex malware ever designed; it is written in the Lua scripting language and C++. The malware was designed to target Middle Eastern nations for cyber espionage activities. It creates a Bluetooth ambiance and steals data not only from a system, but from all the nearby devices as well.
- WireLurker: This malware is believed to infect iOS, Mac OS and third-party software. The malware was designed to target Chinese users of Apple mobile and desktop devices. The malware monitors iOS devices connected to USB ports.
- Bladabindi: Bladabindi is a virus that has multiple identities. It hacks personal computers to steal sensitive personal information and allows other malware to be downloaded to give backdoor access to your PC.
- BadUSB: Reprograms the thumb drive to act as a keyboard and commands the system to install malware. It can infect the controller chips of all other connected USB devices as well. It changes a system’s DNS to redirect traffic to the network it desires. The virus infects the boot drive of the system, hence it is not easily detected.
- BadBIOS: A self-curing virus that can infect Mac and PC. It takes charge of all the devices on the network and is tough to control. The virus alters the BIOS and programs it as per its own requirements. Once this virus gains access, the system becomes vulnerable and the virus does whatever it wants to.
- Mariposa Botnet Malware: It is a botnet used in DDoS attacks and scamming. The malware installs itself, monitors passwords, bank and credit card credentials, and spreads across connected systems. After the first infection, the malware tries to contact a C&C server within the botnet.
NIST Policy on Thumb Drive Security Practice
The National Institute of Standards and Technology (NIST) establishes major information security standards, a set of best practices, and technical requirements, and has laid down policies.
NIST believes in meticulously managing the use of thumb drives and other portable storage devices.
- No personal devices may be used on federal systems. Only the devices owned and provided by the Commerce Department can be used on official systems. This restricts the risk, and the thumb drives issued to the employees are preloaded with a security structure.
- Each system must have a secure configuration.
- All Windows based systems have Autorun/play functions disabled.
- All systems are under constant monitoring and assessment of the security risks.
- All systems are enabled for the discovery of threats and recovery from the threats.
- The latest patches, security updates, and antivirus signatures are kept up to date.
- An encryption policy for mobile devices has been in place since 2001. The Federal Information Processing Standards 140-2 covers four qualitative levels of security requirements pertaining to cryptographic modules.
  - Level One: No physical security, but at least one approved algorithm.
  - Level Two: Some physical security and authentication based on the employee’s role.
  - Level Three: Tight physical security and identification-based authorization.
  - Level Four: All-round envelope of absolute protection.
- All employees must drop off old media in a secure container. The contents of the secured containers are collected at regular intervals and carefully destroyed.
- Employee training to educate and update staff on the latest security threats and safety measures is conducted on an annual basis.
Security Precautions for the Thumb Drives
When a thumb drive is infected with malware, the worm that resides in it can replicate itself on the office network. Here are a few steps that you must follow to keep yourself, and all the systems you connect your thumb drive to, safe from security risks.
- Do not store your personal sensitive data such as credit card details or passwords on your thumb drive.
- Download and use authentic encryption software. It will not nullify the risk, but can certainly limit it.
- Enable the safety features and user authentication in your thumb drives. If you are about to buy one, go for the new thumb drives that offer maximum safety features.
- Keep them safe in your desk under lock and key. Never leave them vulnerable.
- Own different devices for personal use and for professional use. If there is some data that you must carry home from the office, take a backup via email or cloud services.
- Disable Auto detect and Auto run on Windows systems.
- Enable antivirus to scan all the plug-in devices.
- Never use a thumb drive that you just found lying around.
For the safety of enterprises against thumb drive security risks
- Use layered protection.
- Educate your employees and.
- Do not authorize the use of unsecured thumb drives.
- Enable strict data encryption and also use passwords.
- Enable risk management and compliance controls.
- Educate yourself and quantify the IT Watch of your entire organization.
Data is the new-age currency as far as hackers are concerned. The safety of networks and systems while using removable media, including thumb drives, depends on the users’ awareness, judgment, and diligence.