Cyber Security Group

USB Drives like Jelly Beans

Created: 26 Nov 2012 • 1 comment
SecurityHill
If you have kids you know how much they like jelly beans.  Other than them being candy, I believe the multitude of colors and flavors greatly adds to their attraction.  So I found myself in a large retail chain the other day walking past the aisle with USB drives.  The store had all kinds of USB drives in various colors, shapes and capacities, so I began thinking of jelly beans.  We all know that if we do not pay attention and let our kids eat too many jelly beans they can become sick, and I believe we are well beyond that point with USB drives.  For our Enterprise organizations eating USB drives is most likely not an issue, but the public consumption / ownership of multiple drives is an issue.  I personally know that I have over eight lying around in my household alone.  While I don’t believe the average consumer has that many, I would bet that most people own two or more.
This is where I believe the problem lies.  Although we have had a million discussions on the potential risks of USB drives, from data loss to malware exposure, I believe we have become accustomed to their casual use within our organizations.  I specifically want to address the threat from malware.  Recently I witnessed a large organization spend the better part of two days containing and remediating the spread of W32.SillyFDC and W32.Downadup, aka “Conficker”.  In this case several users had grown so accustomed to using these devices within their organization that they had begun violating corporate policy and storing personal files from home on the drives.  While these drives were off the corporate network they were exposed to malware.  Typically this would not have been an issue, but the corporate workstations were still configured to execute autorun.inf, even over a year after Microsoft implemented updates to disable autorun.inf.  So in this example is the jelly bean the problem or the child?  As in most security situations it is a little of both.
 
So here are a few quick suggestions for reducing the spread of USB Malware:
  1. Re-educate on your organization’s policy for use of removable media.  It’s amazing what a few accidentally dropped USB drives from IT Security left in an organization parking lot can do to elevate the discussion at the next security awareness presentation.
  2. Do not allow autorun for removable drives or network shares. For additional information see - How to disable the Autorun functionality in Windows: http://support.microsoft.com/kb/967715
  3. Implement strong endpoint protection, maintain current updates, and initiate on-demand scans of newly connected drives before accessing data.
  4. Implement solutions that have Device Control and block programs from running from removable drives.  For additional information see - Creating an Application and Device Control Policy - http://www.symantec.com/docs/HOWTO18254
  5. And don’t eat too many of the black jelly beans!
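
Suggestion 2 can be checked on each workstation. The PowerShell below is an added example, not code from the original post or from Microsoft: it reads the NoDriveTypeAutoRun registry value documented in KB967715 and reports which drive types can still autorun. The function names and the compliance rule (removable and network bits both set) are assumptions made for this illustration.

```powershell
# Added example: audit the AutoRun policy value described in KB967715.
# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown (0x01)' = 0x01
    'Removable'      = 0x04
    'Fixed'          = 0x08
    'Network'        = 0x10
    'CD-ROM'         = 0x20
    'RAM disk'       = 0x40
    'Unknown (0x80)' = 0x80
}
# Assumed compliance rule: removable drives and network shares must not autorun.
$Required = 0x04 -bor 0x10

function Get-AutoRunPolicy {
    param([string]$Hive)   # 'HKLM' or 'HKCU'
    $key  = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }   # value not set in this hive
    return [long]$prop.NoDriveTypeAutoRun
}

function Test-AutoRunDisabled {
    param([long]$Mask)
    # Drive types whose bit is clear can still autorun.
    $enabled = foreach ($t in $DriveTypeBits.GetEnumerator()) {
        if (($Mask -band $t.Value) -eq 0) { $t.Key }
    }
    [pscustomobject]@{
        Mask         = '0x{0:X2}' -f $Mask
        StillEnabled = $enabled -join ', '
        Compliant    = (($Mask -band $Required) -eq $Required)
    }
}

# The HKLM value takes precedence over HKCU when both are present.
$mask = Get-AutoRunPolicy 'HKLM'
if ($null -eq $mask) { $mask = Get-AutoRunPolicy 'HKCU' }

if ($null -eq $mask) {
    Write-Warning 'NoDriveTypeAutoRun is not set in HKLM or HKCU; Windows defaults apply.'
} else {
    Test-AutoRunDisabled -Mask $mask
}
```

A mask of 0xFF disables AutoRun for every drive type and leaves the StillEnabled column empty.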

 


patriot3w

Thanks for sharing.
