Leave that USB Drive Where You Found It

Some 60% of people will pick up a USB flash drive found near their work and plug it in. Don’t be one of those people. That USB drive could contain malware to encrypt or steal your data, monitor your screen, or control your keyboard. Avoid the risks.

Hand picking up a usb from the grass with a circle of bugs nearby in a circle.

You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the parking lot of your building or by the copier in the office. You’re curious      or you want to plug it in to identify where to return it. Don’t do it.  Risks abound.

Consider this jaw-dropping example. That's how the Stuxnet malware virus that hit an Iranian nuclear facility got its start. It’s believed employees at the facility plugged in a USB drive they found in the parking lot.

From there the virus was able to reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network. Clever and sneaky!

Risk of Thumb Drive Attack

Now, you might be thinking, "but I’m not an Iranian nuclear facility." But that      doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are one more way that bad actors can do so. In fact,      one study found that 60 percent of people were likely to connect random      thumb drives found near their building. If the business logo was on the      drive, the number went up to 90 percent.

Even with cloud computing, we still see these small, portable drives used universally. They are compact and convenient. That also makes them an attractive target for bad actors Hackers can pre-program USBs to act maliciously once connected to the network. They might:

  • steal a user's data
  • gain access to the user’s keyboard
  • monitor the user’s screen
  • encrypt user data in exchange for a ransom
  • spread infection

Most of these can      happen without the user even knowing it, as the malware runs in the      background. And doing so can cause a ton of damage and liability to the      company. 

Avoid USB      Drive Attacks

How do you keep your business safe from infected USB drives? First, don’t insert unknown flash drives. Hackers will try to take advantage of human curiosity or their desire to help.

It's also good to use different flash drives for personal and professional computers. This helps cut the chances that you’ll spread an infection from one to the other.

You might also enable security measures on USB drives, such as fingerprint authentication. This, and keeping computer software and hardware up to date, can cut      vulnerabilities. Also, keep your malware and anti-virus protections current, and patch regularly.

Windows users can also disable the Autorun function. This prevents Windows from automatically opening removable media immediately upon insertion.

We're here to help. Call us at  610-599-6195 to contact the experts at Borked PC if you suspect a security threat or want to update your security posture.