They took infected USB thumb drives with corporate logos on them and basically threw them around company parking lots. A staggering number of people, upwards of 70%, plugged those infected thumb drives into their corporate machines. Unbeknownst to them, a malicious program transferred onto their corporate network. That program then sent information back to the researchers. This gets much worse: when they left a CD-ROM with a handwritten title of "Quarterly Financials and Salaries" in the parking lot, a mind-boggling 100% infection rate resulted. I need to say that again: 100% infection.
The researchers conclude that Stuxnet was delivered into the Iranian nuclear enrichment facility via an infected thumb drive or CD-ROM. For those of you not too familiar with Stuxnet, I suggest you check out the Nova show. In a nutshell, though, Stuxnet is a very complex program that seeks out the specific machine controllers used to operate the motors in uranium enrichment centrifuges. Stuxnet basically blew up those centrifuges, which set back the Iranian nuclear program a few months.
What’s incredible here is that Stuxnet is, hands down, the most advanced malware yet to be produced, as far as we know anyway. And it wasn’t delivered via email spearphishing, or infected websites, or any other network-based attack vector. It came in right off the street, carried in by an authorized user and put into service with a simple thumb push. How’s that for all the money spent on perimeter defense?
Think about this: a person, group, or government entity could engineer an attack on our critical infrastructure – think power grid, oil refineries, and the like – and cripple us to a degree that could completely destabilize our way of life. What would it be like to lose power for 2 months? What would happen to our society? Stuxnet is a weapon. Perhaps the most dangerous weapon ever developed: because it achieves its goal without taking a single life, it seems to me that it’s far more likely to be used.
Pandora’s Box is now open and it means the endpoint is the new perimeter.