Removable Media Security Alert

Did you see the Nova special Rise of the Hackers? I was stunned by an experiment they conducted:

They took infected USB thumb drives with corporate logos on them and basically threw them around company parking lots. A staggering number of people, upwards of 70%, plugged those infected thumb drives into their corporate machines. Unbeknownst to them a malicious program transferred onto their corporate network. That program then sent information back to the researchers. This gets much worse, when they left a CDROM with a handwritten title of Quarterly Financials and Salaries in the parking lot a mind boggling 100% infection resulted. I need to say that again: 100% infection.

The researchers conclude that Stuxnet was delivered into the Iranian nuclear enrichment facility via infected thumb drive or CDROM. For those of you not too familiar with Stuxnet I suggest you check out the Nova show. In a nutshell though, Stuxnet is a very complex program that seeks out specific machine controllers used to operate the motors in uranium enrichment centrifuges. Stuxnet basically blew up those centrifuges which set back the Iranian nuclear program a few months.

What’s incredible here is that hands down Stuxnet is the most advanced malware yet to be produced, as far as we know anyway. And it wasn’t delivered via email spearphishing, or infected websites, or any other network-based attack vector. It came in right off the street, carried in by an authorized user and put into service with a simple thumb push. How’s that for all the money spent on perimeter defense?

Think about this: a person, group, or government entity could engineer an attack on our critical infrastructure – think power grid, oil refineries, and the like – and cripple us to a degree that could completely destabilize our way of life. What would it be like to lose power for 2 months? What would happen to our society? Stuxnet is a weapon. Perhaps the most dangerous weapon ever developed; because it achieves its goal without taking a single life it seems to me that it’s far more likely to be used.

Pandora’s Box is now open and it means the endpoint is the new perimeter.

More from the Digital Guardian Data Security Knowledge Base:


Rob Priore

Please post your comments here

Data-Centric Security: Why You Need it, How to Get Started

Forrester VP and Principal Analyst John Kindervag explains the fundamentals of a data-centric security approach, why you need it, and how to get started. Watch the webinar on demand.

Watch Now

Related Articles
Friday Five: 5/29 Edition

Costa Rica's state bank deals with hackers, North Dakota's contact tracing app causes controversy, Google issues warnings of government-backed attackers - catch up on all the week's news with the Friday Five.

That Little USB of Horrors

Beware USBs promising a quick recharge of your mobile device; they might also be leeching data as well.

Call for Papers: The Inside Track

Get advice from organisers and reviewers of cyber security conferences on how to write winning conference submissions.