Top menu

09/27/2016

Want to hack a network? Dropping a thumb drive in the parking lot still works!

A recent experiment conducted by Elie Bursztein of Google’s anti-abuse research team should have you afraid, very afraid.

The experiment tested the effectiveness of spreading malware based on dropping USB thumb drives on a university campus. The experiment found that 98 percent of the 297 USB drives dropped were picked up and almost half of them were plugged in to a computer and the files stored on them clicked.

And if you want a higher probability that the device will be plugged in, just add some keys to the ring on the thumb drive and your chances for a successful “plug in” will increase. Why? As the study found in a follow-up survey, the people that plugged the device into the computer and clicked on a file were just looking for a way to get the keys and USB drive back to their rightful owner.

Or you can just write the word “confidential” on the thumb drive and watch your chances soar!

Click here to read the full study: USB Penetration Test

So, in terms of a socially engineered security breach, the “USB drive in the parking lot” exploits two aspects of human nature, curiosity and the desire to help. While organizations have spent millions of dollars strengthening their perimeter defenses against malicious outsider attacks, it can all be overcome with a few $3 thumb drives scattered around a parking lot in order to trick a trusted insider into doing their dirty work. And it only takes one.

You would expect that with all the education and awareness around computer security, malware and viruses, that the “USB drive in the parking lot” trick would not be effective anymore, but as this experiment once again proves, education just can’t overcome human nature. And as we’ve said before, in the context of an organization’s data security strategy, it’s extremely important that we protect our staff from themselves.

Before you say “our staff are trained not put unauthorized USB drives into their computer,” stop and think about where all the thumb drives in your organization originate. Maybe it’s a staff member who transferred photos to their work computer using their personal thumb drive, most likely without proper malware protection on their home computer. Or, maybe it’s one of your sales people using a thumb drive they received as a giveaway at a tradeshow. Again, trouble ensues if the drive is either purposely or accidently infected. Maybe it really is a thumb drive they found in the parking lot!

Look around your office right now. Open a few desk drawers. You’ll most likely see plenty of thumb drives that you have no idea where they came from, who used them previously and if they were ever checked for viruses or malware.

Each of them is a security breach just waiting to happen.

Fortunately, DeviceLock can help. The device and port controls that are built into the DeviceLock Core Module enable organizations to block any unauthorized USB device from being accessed by an endpoint computer. In fact, they can even block the USB port itself from any USB thumb drive while still allowing other kinds of USB connected device types to use the port.

As well, authorized USB devices can be whitelisted by their manufacturer’s model or unique device numbers so that they can be used unimpeded by staff or, if you want to allow any USB device to be used, DeviceLock can be configured to prevent executables from being accessed from them, specified content moving to them, or limit access by hour/day or to read-only status.

By managing the types of devices that can be used on a computer and the types of files that can be accessed or downloaded via devices, DeviceLock helps ensure that endpoints are guarded against malicious or accidental malware introduction as well as against unauthorized outbound data breaches.

As a data leak prevention (DLP) solution, DeviceLock provides many more features to stop data from accidently or purposely leaving an organization. You can read much more about these capabilities in the appropriate sections of our website, www.devicelock.com.

As Elie Bursztein’s recent experiment proves, the “USB drive in the parking lot” is still a very effective way for a hacker to infiltrate a computer and subsequently, an entire organization’s network. The experiment shows that in 2016, you still can’t stop an employee from plugging a random thumb drive into a computer, but at least with DeviceLock, you can block some very bad things from happening if they do!

If you’d like to trial the DeviceLock DLP Suite for 30 days, please visit our website at: http://www.devicelock.com/download. For more information on DeviceLock’s DLP solutions, call us at 925-231-4400 or email to us.sales (at) devicelock.com to talk to one of our endpoint security specialists.